Route advertisement by managed gateways

ABSTRACT

Some embodiments provide a network system. The network system includes a first set of host machines for hosting virtual machines that connect to each other through a logical network. The first set of host machines includes managed forwarding elements for forwarding data between the host machines. The network system includes a second set of host machines for hosting virtualized containers that operate as gateways for forwarding data between the virtual machines and an external network. At least one of the virtualized containers peers with at least one physical router in the external network in order to advertise addresses of the virtual machines to the physical router.

CLAIM OF BENEFIT TO PRIOR APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.15/436,714, filed Feb. 17, 2017, now published as U.S. PatentPublication 2017/0163532. U.S. patent application Ser. No. 15/436,714 isa continuation of U.S. patent application Ser. No. 14/214,561, filedMar. 14, 2014, and now issued as U.S. Pat. No. 9,590,901. U.S. patentapplication Ser. Nos. 14/214,561 and 15/436,714 are incorporated hereinby reference.

BACKGROUND

In physical L3 networks, such as the Internet, routers exchange routingand reachability information using various routing protocols, includingBorder Gateway Protocol (BGP). A primary functionality of BGP is toallow two routers to exchange information advertising available routesor routes that are no longer available. That is, a first router may usethis protocol to inform a second router that packets for a given IPaddress or IP prefix can be sent to the first router. The second routercan then use this information to calculate routes.

Within some managed virtualized networks, routes are calculated by anetwork controller and pushed down to the forwarding elements thathandle routing within the managed network. As the controller directs howthese forwarding elements will route packets, there is no need for theexchange of routing information between the forwarding elements.However, these managed virtualized networks may send and receive trafficthrough external networks. This currently requires an administrator tomanually provide routes to the routers in the external network.

BRIEF SUMMARY

Some embodiments provide a network control system that enables logicalnetworks operating in a network managed by the network control system topeer with and advertise routing information to physical routers outsideof the managed network. In some embodiments, the logical networkscontain logical routers at least partially implemented in managedgateways, and these gateways use a routing protocol (e.g., BorderGateway Protocol) to peer with the external physical routers. Whenmultiple managed gateways implement the logical router (or at least theportion of the logical router that interfaces with the externalnetwork), these multiple gateways may separately advertise the sameroutes to an external router in some embodiments, thereby allowing theexternal router to distribute traffic for the advertised destinationsacross the multiple gateways.

A logical router, in some embodiments, connects a set of logicalswitches to which virtual machines logically attach. Each logical switchrepresents a particular set of IP addresses (i.e., a subnet), and isimplemented in the managed network across a set of managed forwardingelements to which the virtual machines physically connect (e.g., throughvirtual interfaces). In some embodiments, the logical routers areimplemented in a distributed fashion as well by the managed forwardingelements that connect to the virtual machines. However, when the logicalrouter also connects to the external network via one or more ports,these connections to the external network are implemented through theuse of one or more gateways. The gateways, in some embodiments, areresponsible for both sending data traffic from the managed network tothe external unmanaged physical network and processing traffic sent fromthe external network into the managed network.

In some embodiments, a user (e.g., an administrator) configures alogical network, including a logical router with one or more portsconnecting to the external network, for implementation within themanaged network. In addition, the user may specify that the logicalrouter, via these ports, should peer with physical routers in theexternal network in order to exchange routing information. Uponreceiving the logical network configuration, a network controller (orcontroller cluster) responsible for managing the logical router selectsa set of gateways for implementing the connection to the externalnetworks. In some embodiments, when these ports of the logical routerhave been designated for peering with the external routers, the networkcontroller assigns each such port to a different gateway. In someembodiments, these gateways are spread across clusters of gateways inthe network, such that each port is implemented in a different failuredomain.

The selected gateways peer with the external routers using a routingprotocol, such as Border Gateway Protocol (BGP). In some embodiments,the controller generates routing protocol data based on the logicalnetwork configuration. For each port of the logical router that facesthe external network, the controller identifies (i) the set of externalrouters with which the gateway implementing the port will peer (that is,its neighbors) and (ii) the set of routes that the gateway implementingthe port will advertise. These routes may be simply the IP prefixesrepresenting the logical switches that connect to the logical router, ormay additionally include other routes input by the user or dynamicallygenerated by processes that implement the logical router. In someembodiments, different ports of the logical router may advertise theirroutes to different external network routers. Once the networkcontroller generates this data, along with the routing table data forthe logical router implementation in the gateway, the network controllerdistributes the data to the gateways (e.g., through a hierarchy ofnetwork controllers).

In some embodiments, the gateways on which the logical routers areimplemented are host machines grouped in clusters, allocated for hostinglogical routers and other services for logical networks. These gatewaymachines also include managed forwarding elements, which serve as tunnelendpoints for packets sent to and from the managed forwarding elementson which the VMs reside. Some embodiments implement the logical routerswithin virtualized containers that have the ability to store a routingtable, such as namespaces. In addition, some embodiments operate arouting protocol application, or daemon (e.g., a BGP daemon) in thenamespace. In some cases, a gateway host machine may have severalnamespaces operating different logical routers, some or all of whichinclude a routing protocol application for peering with the externalrouters.

One or more daemons may operate on the gateway host machine outside ofthe namespaces (e.g., in the virtualization software of the gateway) inorder to receive data tuples that define both the routing tables and therouting protocol configuration for a particular namespace. This daemonor daemons operate to instantiate the namespace, provision the namespacewith the routing table, and start the routing protocol application inthe namespace. In addition, the daemon(s) generate a configuration filefor the routing protocol application in some embodiments, and store theconfiguration file (e.g., in a file system of the host machine) foraccess by the routing protocol application.

Upon installing its configuration file, the routing protocol applicationbegins communication with the external router. In some embodiments, theapplication behaves in the same way as a standard physical router wouldin terms of its exchange of information with its neighbors. For example,the BGP daemon of some embodiments opens a BGP session with each routeridentified as a neighbor in its configuration, sends keep-alive messagesas specified by BGP, and advertises its routes to the identifiedneighbors via BGP packets. In some embodiments, the BGP daemon alsoreceives BGP packets sent by its neighbors, and uses these packets toidentify routes. The BGP daemon of some embodiments either installs theroutes in its local routing table (i.e., within the same namespace),pushes the routes up to the network controller so that the networkcontroller can calculate new routing tables for the gateway routingtables implementing the logical router, or a combination thereof. Inother embodiments, however, the advertisement of routes only works inone direction, with the BGP daemon sending out routes to its neighborsbut not installing routes received from those neighbors. That is, theBGP daemon neither pushes the received routes up to the networkcontrollers nor installs the routes in the routing table at the localgateway.

In some cases, multiple gateways that implement the same logical router(e.g., implementing different ports) may advertise the same routes(e.g., to reach VMs on a particular logical switch, or to reach a publicIP shared by those VMs) to the same external router. The externalrouter, in this case, will view these multiple gateways as equal-costnext-hops for packets sent to the advertised addresses. As such, theexternal routers in some embodiments spread packets sent to thosedestinations across the various gateways that advertise the routes. Theexternal routers may use any of a variety of different equal-costmulti-path (ECMP) techniques to determine to which gateway a packetshould be sent.

In the above-described embodiments, the routing protocol applicationresides inline. That is, the application operates on the gateway, whichis the location through which packets are sent. In some embodiments,however, the network controller(s) act as a route server for thegateways, and the routing protocol application resides on thecontroller. In this case, the routing protocol configuration is notdistributed to the gateways by the controller, but instead used toinstantiate the routing protocol application on the controller. Thecontroller then advertises the routing information to the externalrouters (and potentially receives advertised routing information fromthe external routers). This advertised information informs the externalrouters as to which gateways to use for which routes. As in the inlinecase, the external routers may use ECMP techniques to distribute packetssent to the logical network between the several gateways.

The preceding Summary is intended to serve as a brief introduction tosome embodiments of the invention. It is not meant to be an introductionor overview of all inventive subject matter disclosed in this document.The Detailed Description that follows and the Drawings that are referredto in the Detailed Description will further describe the embodimentsdescribed in the Summary as well as other embodiments. Accordingly, tounderstand all the embodiments described by this document, a full reviewof the Summary, Detailed Description and the Drawings is needed.Moreover, the claimed subject matters are not to be limited by theillustrative details in the Summary, Detailed Description and theDrawing, but rather are to be defined by the appended claims, becausethe claimed subject matters can be embodied in other specific formswithout departing from the spirit of the subject matters.

BRIEF DESCRIPTION OF THE DRAWINGS

The novel features of the invention are set forth in the appendedclaims. However, for purpose of explanation, several embodiments of theinvention are set forth in the following figures.

FIG. 1 conceptually illustrates a logical network architecture of someembodiments that includes a logical router.

FIG. 2 conceptually illustrates a physical implementation of the logicalnetwork of FIG. 1.

FIG. 3 conceptually illustrates a network control system of someembodiments for provisioning managed forwarding elements, L3 gateways,and routing protocol applications in order to implement logical networksand enable the logical routers of those networks to peer with externalrouters.

FIG. 4 conceptually illustrates the propagation of data through thehierarchical network control system of some embodiments.

FIG. 5 conceptually illustrates a process of some embodiments forgenerating and distributing data in order to implement a set ofconnections between a logical router in a managed network and anexternal network.

FIG. 6 conceptually illustrates five separate clusters of gateway hosts,and the logical router ports (referred to as uplinks) implemented onthose gateway hosts.

FIG. 7 conceptually illustrates a software architecture of someembodiments for a gateway host machine.

FIG. 8 conceptually illustrates a process of some embodiments forsetting up or modifying a L3 gateway on a gateway host machine.

FIG. 9 conceptually illustrates a process of some embodiments performedby the routing protocol application (e.g., BGP daemon) of someembodiments in order to advertise routes to external routers for an L3gateway.

FIG. 10 illustrates both a logical network and the physicalimplementation of that logical network in a managed network.

FIG. 11 conceptually illustrates the provisioning of BGP daemons in thethree namespaces on the gateway hosts of FIG. 10 by a controller clusterthat operates to control the managed network.

FIG. 12 conceptually illustrates the BGP Update packets sent by BGPdaemons in the namespaces according to some embodiments.

FIGS. 13 and 14 conceptually illustrate the path taken by trafficingressing into the managed network of FIG. 10.

FIG. 15 illustrates two logical networks and the physical implementationof those logical networks in a managed network.

FIG. 16 illustrates the provisioning of BGP daemons in seven namespacesof FIG. 15 by a controller cluster.

FIG. 17 conceptually illustrates the BGP Update packets sent by thevarious BGP daemons of FIG. 15 to an external router, once the daemonsrunning in the various namespaces have established adjacencies with therouter.

FIG. 18 conceptually illustrate the paths taken by three packetsingressing into the managed network of FIG. 15.

FIG. 19 conceptually illustrates a process of some embodiments forgenerating BGP configuration data for a logical network and thenimplementing that configuration data by a BGP service in the controllerthat generated the data.

FIG. 20 illustrates both a logical network and the physicalimplementation of that logical network in a managed network, in whichthe controller acts as a route server.

FIG. 21 conceptually illustrates data sent by the controller cluster inorder to effectuate a logical router of the logical network of FIG. 20.

FIG. 22 conceptually illustrates the path taken by several packetsentering the managed network of FIG. 20.

FIG. 23 conceptually illustrates the software architecture of acontroller of some embodiments that acts as a route server for a logicalnetwork.

FIG. 24 conceptually illustrates such a managed network of someembodiments within which a logical network is implemented, and whichuses a separate gateway as a route server.

FIG. 25 conceptually illustrates an electronic system with which someembodiments of the invention are implemented.

DETAILED DESCRIPTION

In the following detailed description of the invention, numerousdetails, examples, and embodiments of the invention are set forth anddescribed. However, it will be clear and apparent to one skilled in theart that the invention is not limited to the embodiments set forth andthat the invention may be practiced without some of the specific detailsand examples discussed.

Some embodiments provide a network control system that enables logicalnetworks operating in a network managed by the network control system topeer with and advertise routing information to physical routers outsideof the managed network. In some embodiments, the logical networkscontain logical routers at least partially implemented in managedgateways, and these gateways use a routing protocol (e.g., BorderGateway Protocol) to peer with the external physical routers. Whenmultiple managed gateways implement the logical router (or at least theportion of the logical router that interfaces with the externalnetwork), these multiple gateways may separately advertise the sameroutes to an external router in some embodiments, thereby allowing theexternal router to distribute traffic for the advertised destinationsacross the multiple gateways.

FIG. 1 conceptually illustrates an example of a logical networkarchitecture 100. The logical network 100 includes two logical switches105 and 110 and a logical router 115. Each of the logical switches 105and 110 connects several virtual machines (in this case, two virtualmachines (VMs) are connected by each logical switch, and the logicalrouter 115 connects the two logical switches (i.e., logical layer 2domains) together. In addition, the logical router connects the logicalnetwork to an external network 120, via three logical ports. While inthis example, the logical router 115 has several ports connecting to theexternal network (e.g., as uplink ports), in some embodiments thelogical router may only have a single port that connects to the externalnetworks.

In some embodiments, the logical network is an abstract conception of anetwork generated by an administrator, and the logical network isimplemented in a virtualized, distributed manner in a managed physicalinfrastructure (e.g., in a multi-tenant datacenter). That is, thevirtual machines that connect to the logical switches may reside onvarious different host machines within the infrastructure, and physicalmanaged forwarding elements (e.g., software virtual switches) operatingon these host machines implement some or all of the logical forwardingelements (logical switches, logical routers, etc.).

A logical router, as in this example, connects a set of logical switchesto which virtual machines logically attach. Each logical switchrepresents a particular set of IP addresses (i.e., a subnet), and isimplemented in the managed network across a set of managed forwardingelements to which the virtual machines physically connect (e.g., throughvirtual interfaces). In some embodiments, the logical routers areimplemented in a distributed fashion as well by the managed forwardingelements that connect to the virtual machines. However, when the logicalrouter also connects to the external network via one or more ports,these connections to the external network are implemented through theuse of one or more gateways. The gateways, in some embodiments, areresponsible for both sending data traffic from the managed network tothe external unmanaged physical network and processing traffic sent fromthe external network into the managed network.

FIG. 2 conceptually illustrates such a physical implementation of thelogical network 100. This figure illustrates a managed network 200 thatincludes three host machines 205-215 and three gateway host machines235-245. The VMs of the logical network 100 reside on the hosts 205-215,implemented on top of virtualization software (e.g., a hypervisor,virtual machine monitor, etc.) that operates in the host. Additionalvirtual machines that connect to other logical networks may reside onsome or all of these hosts, as well as additional hosts in the managednetwork that are not shown in this figure.

In addition to the virtual machines, each of the hosts 205-215 operatesa managed forwarding element (MFE) 220-230. In some embodiments, thisMFE is a virtual switch that operates within the virtualization softwareof the host (e.g., Open vSwitch, or another software forwardingelement). In the example illustrated in FIG. 2, the MFEs 220-230 eachimplement both of the logical switches 105 and 110, as well as thelogical router 115. This enables first-hop logical processing in someembodiments, in which all or most of the logical processing for a packetis performed at the first MFE that receives the packet. Thus, a packetsent from VM 1 to VM 4 would be processed, by the MFE 220, throughlogical switch 105 to logical router 115 and then to logical switch 110.The MFE 220 would identify the logical egress port of logical switch 110for the packet as the port to which VM 4 attaches, and map this egressport to a tunnel to the MFE 230 at host 210.

In some embodiments, a network controller (or controller cluster)provisions the MFEs 220-230 by generating flow entries, or data tuplesthat the MFE converts into flow entries. These flow entries specifymatching conditions (e.g., physical ingress port, logical ingress port,destination MAC or IP addresses, transport layer 5-tuples, etc.) andactions to take on a packet that matches the conditions (e.g., assignpacket to a logical forwarding element, assign a logical egress port,write data to register, encapsulate in a particular tunnel, etc.). Thus,in order for the MFE to process a packet through the logical network,the MFE matches the packet to a first flow entry, performs the action(e.g., to modify the packet or store logical context data in a registerfor the packet), resubmits the packet in order to match another flowentry, etc.

The gateway host machines 235-245 of some embodiments host L3 gateways250-260 for the logical network 100 that implement the connectionsbetween the external network 120 and the logical network 100(specifically, the logical router 115). When the physical router 275receives a packet with a destination address that corresponds to one ofthe VMs of the logical network 100, or a public IP shared by the VMs ona logical switch, the physical router 275 sends the packet to one of thegateway hosts 235-245. The gateway hosts 235-245 also include MFEs, andin some embodiments these MFEs receive packets from the physical router275 and hand off the packets to the L3 gateway in their respective hostfor processing.

In some embodiments, a user (e.g., an administrator) configures thelogical network 100. Upon receiving such a configuration with severallogical router ports connecting to the external network, a networkcontroller (or controller cluster) selects the set of gateway hostmachines 235-245 for implementing this connection. Specifically, someembodiments select a different gateway host machine for each of theselogical router ports. In some embodiments, these gateways are spreadacross clusters of gateways in the network, such that each port isimplemented in a different failure domain. The network controllercalculates a routing table for the logical router, a portion of which isimplemented at the gateway host machines and a portion of which isimplemented by the MFEs (e.g., the MFEs 220-230 and those on the gatewayhost machines 235-245).

The L3 gateways 250-260 implement the portion of the routing table ofthe logical router 115 for north-south traffic (i.e., traffic sent intoand out of the managed network). Some embodiments only handle ingresstraffic, with outgoing traffic sent through other means (e.g., by adirect connection between the MFEs in the host machines 220-230 and thephysical router 275 or other network elements in the external network120). In other embodiments, the L3 gateways handle both ingress andegress traffic.

As shown, the L3 gateways 250-260 each include a Border Gateway Protocol(BGP) daemon 280-290. These daemons 280-290 peer with the externalphysical router 275 and advertise routes to this router for the logicalrouter 115. In some embodiments, the BGP daemons 280-290 operates in thesame way as a traditional physical router in terms of its exchange ofinformation with its neighbors. For example, these BGP daemons may opena BGP session with the physical router 275, send keep-alive messages asspecified by the protocol, and advertise its routes to the physicalrouter 275 via BGP packets. In some embodiments, the BGP daemons alsoreceive BGP packets sent by the physical router 275, and uses thesepackets to identify routes. The BGP daemons of some embodiments eitherinstall the routes in their local routing tables (i.e., within the samenamespaces), push the routes up to the network controller so that thenetwork controller can calculate new routing tables for all of the L3gateways implementing the logical router, or a combination thereof. Inother embodiments, however, the BGP daemon only effectively works in onedirection, sending out routes to its neighbors (to attract ingresstraffic) but not installing routes received from those neighbors. Thatis, the BGP daemon neither pushes the received routes up to the networkcontrollers nor installs the routes in the routing table at the localgateway.

In some embodiments, the peering of the L3 gateways with the physicalrouter(s) is a user-specified property of the logical ports. In someembodiments, when the user (e.g., administrator) specifies for thelogical router to peer with external routers, the controller generatesrouting protocol data based on the logical network configuration. Foreach port of the logical router that faces the external network, thecontroller identifies (i) the set of external routers with which thegateway implementing the port will peer (that is, its neighbors) and(ii) the set of routes that the gateway implementing the port willadvertise. These routes may be simply the IP prefixes representing thelogical switches that connect to the logical router, or may additionallyinclude other routes input by the user or dynamically generated byprocesses that implement the logical router. In some embodiments,different ports of the logical router may advertise their routes todifferent external network routers. Once the network controllergenerates this data, along with the routing table data for the L3gateway, the network controller distributes the data to the gateways(e.g., through a hierarchy of network controllers).

In some embodiments, the L3 gateways 250-260 are virtualized containersthat have the ability to store a routing table, such as namespaces. Inaddition, the BGP daemons 280-290, or other routing protocolapplications, operate within these containers according to the datareceived from the controllers. One or more daemons may operate on thegateway host machine outside of the containers (e.g., in thevirtualization software of the gateway) in order to receive data tuplesfrom the controller that define both the routing tables and the BGPconfiguration for a particular namespace. This daemon or daemons operateto instantiate the namespace, provision the namespace with the routingtable, and start the BGP daemon in the namespace. In addition, thedaemon(s) generate a configuration file for the BGP daemon in someembodiments, and store the configuration file (e.g., in a file system ofthe host machine) for access by the routing protocol application. Uponinstalling its configuration file, the BGP daemons begins communicationwith its external router neighbors.

In the example shown in FIG. 2, multiple gateways 235-245 that implementthe same logical router 115 (e.g., implementing different ports)advertise the same routes (e.g., to reach VMs on the logical switches105 and 110) to the same external router 275. The external router, insome embodiments, views these multiple L3 gateways as equal-costnext-hops for packets sent to the advertised addresses. As such, theexternal routers in some embodiments spread packets sent to thosedestinations across the various gateways that advertise the routes. Theexternal routers may use any of a variety of different equal-costmulti-path (ECMP) techniques to determine to which gateway a packetshould be sent.

In the above-described embodiments, the routing protocol applicationresides inline. That is, the application operates on the gateway, whichis the location through which packets are sent. In some embodiments,however, the network controller(s) act as a route server for thegateways, and the routing protocol application resides on thecontroller. In this case, the routing protocol configuration is notdistributed to the gateways by the controller, but instead used toinstantiate the routing protocol application on the controller. Thecontroller then advertises the routing information to the externalrouters (and potentially receives advertised routing information fromthe external routers). This advertised information informs the externalrouters as to which gateways to use for which routes. As in the inlinecase, the external routers may use ECMP techniques to distribute packetssent to the logical network between the several gateways.

The above description introduces the use of BGP by logical networks ofsome embodiments, though one of ordinary skill in the art will recognizethat the invention is not limited to BGP, and that other routingprotocols may be used. Several more detailed embodiments are describedbelow. First, Section I describes the provisioning of gateways bynetwork controllers. Section II then describes architecture of the hostmachines that host L3 gateways in some embodiments. Next, Section IIIdescribes the process of configuring a routing protocol application on agateway, and Section IV describes the operation of the routing protocolapplication of some embodiments. Section V then describes the use of anetwork controller as a route server in some embodiments. Finally,Section VI describes an electronic system with which some embodiments ofthe invention are implemented.

I. Provisioning Gateways by Network Controllers

As mentioned, in some embodiments a network control system sets up andconfigures the logical routers and associated routing protocolapplications in one or more gateways for a logical network. One or morenetwork controllers in the network control system receive the networkconfiguration input by an administrator and convert this informationinto data tuples that can be read by the gateway host machines, inaddition to selecting the one or more gateway host machines to use forthe logical routers. The network control system also distributes thedata tuples to these host machines.

FIG. 3 conceptually illustrates such a network control system 300 ofsome embodiments for provisioning managed forwarding elements, L3gateways, and routing protocol applications in order to implementlogical networks and enable the logical routers of those networks topeer with external routers. As shown, the network control system 300includes an input translation controller 305, a logical controller 310,physical controllers 315 and 320, host machines 325-340, and two gatewayhost machines 345 and 350. As shown, the hosts 325-340, as well as thegateway hosts 345 and 350, include managed forwarding elements, whichmay implement logical forwarding elements as shown in the above figures(e.g., through the use of flow entries). The gateway hosts 345 and 350also each include L3 gateways for handling packets ingressing to and/oregressing from the managed network. These L3 gateways additionallyinclude BGP functionality (e.g., in the form of a BGP daemon). One ofordinary skill in the art will recognize that many other differentcombinations of the various controllers and hosts are possible for thenetwork control system 300.

In some embodiments, each of the controllers in a network control systemis a computer (e.g., having an x86-based processor) with the capabilityto function as an input translation controller, logical controller,and/or physical controller. Alternatively, in some embodiments a givencontroller may only have the functionality to operate as a particularone of the types of controller (e.g., only as a physical controller). Inaddition, different combinations of controllers may run in the samephysical machine. For instance, the input translation controller 305 andthe logical controller 310 may run in the same computing device, withwhich a data center management application interacts (or with which anadministrator interacts directly).

The input translation controller 305 of some embodiments includes aninput translation application that translates network configurationinformation received from a user. While shown as receiving theinformation directly from the user in FIG. 3, in some embodiments a userinteracts with a data center management application, which in turnpasses the network configuration information to the input translationcontroller.

For example, a user may specify a network topology such as that shown inFIG. 1. For each of the logical switches, the user specifies themachines that connect to the logical switch (i.e., to which logicalports of the logical switch the VMs are assigned). The user may alsospecify which logical switches attach to any logical routers, one ormore logical ports of the logical router for connection to externalnetworks, and whether these logical ports peer with external physicalrouters. The input translation controller 305 translates the receivednetwork topology into logical control plane data that describes thenetwork topology as a set of data tuples in some embodiments. Forexample, an entry might state that a particular MAC address A is locatedat a first logical port X of a particular logical switch, that a logicalrouter Q is located at a second logical port Y of the particular logicalswitch, or that a logical port G of the logical router Q is an uplinkport interfacing with the external network.

In some embodiments, each logical network is governed by a particularlogical controller (e.g., logical controller 310). The logicalcontroller 310 of some embodiments translates the logical control planedata that defines the logical network and the logical forwardingelements (e.g., logical routers, logical switches) that make up thelogical network into logical forwarding plane data, and the logicalforwarding plane data into physical control plane data. The logicalforwarding plane data, in some embodiments, consists of flow entriesdescribed at a logical level. For the MAC address A at logical port X,logical forwarding plane data might include a flow entry specifying thatif the destination of a packet matches MAC A, to forward the packet toport X. The port of the logical router Q will also have a MAC address,and similar flow entries are created for forwarding packets with thisMAC address to port Y of the logical switch. In addition, the logicalforwarding plane data of some embodiments includes a flow entry forsending packets with an unknown IP address to, e.g., logical port G.

In some embodiments, the logical controller translates the logicalforwarding plane data into universal physical control plane data. Theuniversal physical control plane data enables the network control systemof some embodiments to scale even when the network includes a largenumber of managed forwarding elements (e.g., thousands) to implement alogical forwarding element, and when the network implements a largenumber of logical networks. The universal physical control planeabstracts common characteristics of different MFEs in order to expressphysical control plane data without considering differences in the MFEsand/or location specifics of the MFEs.

As stated, the logical controller 310 of some embodiments translateslogical control plane data into logical forwarding plane data (e.g.,logical flow entries that include a match over logical networkparameters, such as logical addresses, logical ingress ports, etc.),then translates the logical forwarding plane data into universalphysical control plane data. In some embodiments, the logical controllerapplication stack includes a control application for performing thefirst translation and a virtualization application for performing thesecond translation. Both of these applications, in some embodiments, usea rules engine for mapping a first set of tables into a second set oftables. That is, the different data planes are represented as tables(e.g., nLog tables), and the controller applications use a table mappingengine (e.g., an nLog engine) to translate between the planes (e.g., byapplying join operations on the tables). The input and output tables, insome embodiments, store sets of data tuples that define the differentplanes of data.

Each of the physical controllers 315 and 320 is a master of one or moremanaged forwarding elements (e.g., located within host machines). Inthis example, each of the two physical controllers is a master of twomanaged forwarding elements located at the VM host machines 325-340.Furthermore, the physical controller 315 is a master of two gatewayhosts 345 and 350, on which both MFEs as well as L3 gateways for aparticular logical network reside. In some embodiments, all of the L3gateways for a logical router are managed by the same physicalcontroller (as in this figure), while in other embodiments differentphysical controllers manage the different gateway hosts for a logicalnetwork.

In some embodiments, a physical controller receives the universalphysical control plane data for a logical network and translates thisdata into customized physical control plane data for the particular MFEsthat the physical controller manages and which require data for theparticular logical network. In other embodiments, the physicalcontroller passes the appropriate universal physical control plane datato the MFEs, which have the ability (e.g., in the form of a chassiscontroller running on the host machine) to perform this conversionthemselves.

The universal physical control plane to customized physical controlplane translation involves a customization of various data in the flowentries. For the example noted above, the universal physical controlplane would involve several flow entries (i.e., several data tuples).The first entry states that if a packet matches the particular logicaldata path set (e.g., based on the packet being received at a particularphysical ingress port), and the destination address matches MAC A, thenforward the packet to logical port X. This entry will be the same in theuniversal and customized physical control planes, in some embodiments.Additional entries are generated to match a physical ingress port (e.g.,a virtual interface of the host machine) to the logical ingress port X(for packets received from the VM having MAC A), as well as to match adestination logical port X to the physical egress port of the physicalMFE (e.g., again the virtual interface of the host machine). However,these physical ingress and egress ports are specific to the host machineon which the MFE operates. As such, the universal physical control planeentries include abstract physical ports while the customized physicalcontrol plane entries include the actual physical interfaces (which, inmany cases are virtual interfaces) that attach to the specific MFEs.

In some embodiments, as shown, the gateway hosts also operate managedforwarding elements (e.g., using the same packet processing/virtualswitching software as the VM hosts 325). These MFEs also receivephysical control plane data from the physical controller that enablesthe MFEs to implement the logical forwarding elements. In addition, someembodiments distribute the routing table data and routing protocol(e.g., BGP) configuration information to the L3 gateways operating inthe gateway hosts through the hierarchical network control system. Thelogical controller 310 that manages the logical network selects the setof gateway hosts for the logical router (e.g., using a load balancingalgorithm that spreads the L3 gateways for various logical routersacross a set of hosts), then generates the data to distribute to thesehosts.

The logical controller identifies the physical controller(s) thatmanages each of these selected gateway hosts, and distributes therouting table and/or routing protocol configuration data to theidentified physical controllers. In some embodiments, both the L3gateway configuration (e.g., a routing table, NAT table, etc.) and theBGP configuration are distributed as a set of data tuples. For instance,the BGP configuration data tuples of some embodiments specifies IPaddresses of the gateway's BGP neighbors, and a set of IP addresses orprefixes to advertise to those neighbors. The physical controllers thendistribute these data tuples to the gateway hosts. In some embodiments,each of the gateway hosts for a particular logical router receives thesame routing table and BGP configuration. On the other hand, in someembodiments, different gateway hosts may have connections to differentexternal physical routers, and therefore has different sets of BGPneighbors. As described in detail below, the gateway hosts convert thedata tuples into (i) a routing table for use by a container (e.g., a VM,a namespace) that operates on the gateway host as the L3 gateway and(ii) a BGP configuration file for use by a BGP module (e.g., a daemon orother application) that operates within the container.

The above describes the hierarchical network control system of someembodiments, although the network control system of other embodimentsincludes only a single controller (or a controller cluster with oneactive and one or more standby controllers). FIG. 4 conceptuallyillustrates the propagation of data through the hierarchical networkcontrol system of some embodiments. The left side of this figure showsthe data flow to the managed forwarding elements to implement thelogical forwarding elements (e.g., the logical switches and logicalrouters) of the logical network, while the right side of the figureshows the propagation of BGP data to the gateway hosts in order toprovision a BGP daemon operating within the L3 gateway.

On the left side, the input translation controller 305 receives anetwork configuration through an API, which is converted into logicalcontrol plane data. This network configuration data includes a logicaltopology such as that shown in FIG. 1. The network configurationspecifies attachments of logical switches to a logical router in someembodiments, with MAC addresses assigned to each VM and each logicalrouter port that connects to a logical switch, and each logical switchhaving an associated IP subnet.

As shown, the logical control plane data is converted by the logicalcontroller 310 (specifically, by a control application of the logicalcontroller) to logical forwarding plane data, and then subsequently (bya virtualization application of the logical controller) to universalphysical control plane data. In some embodiments, these conversionsgenerate a flow entry at the logical forwarding plane (or a data tuplethat defines a flow entry), then add a match over the logical data pathset (e.g., the logical switch or router) at the universal physicalcontrol plane. The universal physical control plane also includesadditional flow entries (or data tuples) for mapping generic physicalingress ports (i.e., a generic abstraction of a port not specific to anyparticular MFE) to logical ingress ports as well as for mapping logicalegress ports to generic physical egress ports. For instance, for a portof the logical switch at which a VM resides, the flow entries at theuniversal physical control plane would include a forwarding decision tosend a packet to the logical port to which the VM connects when thedestination MAC address of the packet matches that of the VM, as well asan egress context mapping entry that maps the logical egress port to ageneric physical (i.e., virtual) interface. For other MFEs, includingthose at the gateway hosts, the universal physical control plane dataincludes a generic tunneling entry for encapsulating the packet in atunnel to the MFE at which the VM is located.

The physical controller 315 (one of the several physical controllers inthe hierarchical network control system 300), as shown, translates theuniversal physical control plane data into customized physical controlplane data for the particular MFEs that it manages at hosts 325, 330,345, and 350. This conversion involves substituting specific data (e.g.,specific physical ports or tunnel encapsulation information) for thegeneric abstractions in the universal physical control plane data. Forinstance, in the example of the above paragraph, the port integrationentries are configured to specify the physical layer port to which theVM attaches (i.e., an identifier for the actual virtual interface).Similarly, the tunnel encapsulation entries for the different MFEs willhave different tunnel encapsulation information.

While this example illustrates the physical controller 315 as performingthe universal physical control plane to customized physical controlplane translation, some embodiments utilize a chassis controller on thehost machines for this task. In such embodiments, the physicalcontrollers do not translate the physical control plane data, butinstead just serve as a distribution mechanism for delivering this datato the numerous host machines located in the network so that the logicalcontroller does not have to communicate with every MFE in the network.In this case (not shown in the figures), the universal physical controlplane to customized physical control plane conversion is performed byone module or element at the hosts 325 and 345 (i.e., the chassiscontroller), while the MFEs at the hosts 325 and 345 perform thecustomized physical control plane to physical forwarding plane dataconversion.

Whether the customization of the physical control plane data isperformed by the physical controller or a chassis controller at thehost, the MFE at host 325 (one of several MFEs managed by the physicalcontroller 315) performs a translation of the customized physicalcontrol plane data into physical forwarding plane data. The physicalforwarding plane data, in some embodiments, are the flow entries storedwithin the MFE (e.g., within the user space and/or kernel of a softwarevirtual switch such as Open vSwitch) against which the MFE actuallymatches received packets. In addition, the MFEs at both of the gatewayhosts 345 and 350 perform such a translation in order to forward packetsbetween (i) the L3 gateways, (ii) other network entities (e.g., VMs)within the managed network via tunnels, and (iii) the external network.

The right side of FIG. 4 illustrates data propagated to the gatewayhosts (e.g., host 345) to implement a BGP configuration for a L3gateway, rather than for the MFEs. As shown, the logical controller 310converts a BGP configuration to a set of data tuples that define thatconfiguration. In some embodiments, the BGP configuration is generatedby either the logical controller or the input translation controllerbased on the network configuration input by the user (e.g.,administrator). When a user designs the logical network, someembodiments allow the user to specify for the logical router whether theconnections to the external network will use a routing protocol (or BGPspecifically) to peer with external routers. In some embodiments, theuser specifies this by choosing a type of port for these connections(e.g., an uplink port) for which BGP (or a different routing protocol)is automatically activated. In addition, each logical switch in thelogical network will have an associated IP subnet (either assigned bythe user or automatically assigned by the logical controller). For eachport, or for the logical router as a whole, either the user may specifythe external physical routers that will send packets to the port or thelogical controller generates this data based on the gateways selectedfor the port.

Based on this information (i.e., the set of physical routers to whicheach port connects, the IP addresses/subnets of the VMs/logicalswitches), the logical controller 310 generates the set of data tuplesfor the BGP configuration. This may be performed by the table mappingengine in some embodiments, that also converts the logical control planedata into physical control plane data. In addition to the BGP datatuples, the logical controller generates data tuples for the logicalrouter aspect of the L3 gateway (e.g., the routing table). In order todefine containers on a particular gateway host, some embodiments defineeach container as a separate data tuple that specifies the existence ofthe container and the processes running on the container, including BGP.Within this data tuple, BGP may be enabled. Furthermore, this data tupledefines various BGP options, such as the router ID, whether or not toadvertise graceful restart capability, and a list of prefixes (e.g., inclassless inter-domain routing (CIDR) form) to advertise to all peers.In addition, the logical controller creates a data tuple for each BGPneighbor (i.e., peer external router) of a particular L3 gateway. Theseneighbor data tuples specify, in some embodiments, the address of theBGP neighbor, a keep-alive timer that indicates the time betweenkeep-alive packets, and the interface through which the BGP applicationin the gateway communicates with the neighbor, among other information.

Once the logical controller 310 identifies the gateway hosts for thelogical router and creates the data tuples, the logical controller thenidentifies the physical controller or controllers that manage thegateway hosts. As mentioned, like the VM hosts 325-340, each of thegateway hosts has an assigned master physical controller. In the exampleof FIG. 3, both of the gateway hosts are managed by the physicalcontroller 315, so the other physical controller 320 does not receivethe BGP data tuples.

In order to supply the logical router configuration data to the gatewayhosts, the logical controller 310 of some embodiments pushes the data tothe physical controller 315. In other embodiments, the physicalcontrollers request the configuration data (e.g., in response to asignal that the configuration data is available) from the logicalcontroller.

The physical controller 315 passes the data to the gateway hosts,including host 345, much as they pass the physical control plane data.In some embodiments, the BGP data tuples are sent to a database runningon the host that is part of the software associated with the MFE, and isused to configure certain aspects of the MFE (e.g., its port informationand other non-flow entry configuration data).

In some embodiments, a process on the gateway host 345 starts up thecontainer for the L3 gateway and translates the BGP data tuples storedin the database into a BGP configuration file for an applicationoperating in the L3 gateway. The application can load the configurationin order to determine its operating configuration.

The above description describes the conversion, by the network controlsystem, of the network configuration into a set of physical forwardingplane flow entries that the physical controller passes to the host(e.g., via a protocol such as OpenFlow). In other embodiments, however,the data for defining flow entries is passed in other forms, such asmore abstract data tuples, and the MFEs or processes running on thehosts with the MFEs convert these data tuples into flow entries for usein processing data traffic.

FIG. 5 conceptually illustrates a process 500 of some embodiments forgenerating and distributing data in order to implement a set ofconnections between a logical router in a managed network and anexternal network. In some embodiments, the process 500 is performed by anetwork controller (e.g., by a logical controller in a networkcontroller hierarchy such as that shown in FIG. 3) upon receiving anetwork configuration that includes a logical router with router peeringenabled.

As shown, the process 500 begins by receiving (at 505) instructions tocreate a logical router with one or more ports connecting to an externalnetwork. These instructions may be the result of a network administratordesigning a logical network (e.g., through a cloud managementapplication that passes the logical network configuration throughcontroller APIs) that includes the logical router. In some embodiments,the instructions to create the logical router specifically indicate thatthe connections to the external network should be implemented using BGP,or another protocol, for router peering and route advertisement. Inother embodiments, this capability is automatically enabled for alllogical routers with at least one connection to the external network.

Next, the process selects (at 510) gateway host machines for each of theports that connect to the logical network. Some embodiments assign eachport to a different gateway host, while other embodiments allow multipleports (and therefore multiple namespaces hosting routing tables and BGPservices) to be created on a single gateway host. In some embodiments,the gateway hosts are arranged in terms of clusters, or failure domains.These clusters, in some embodiments, may be sets of host machines thatare physically located together in the managed network, and thereforemore likely to all fail together (e.g., due to a top of rack switchfailing, power issues, etc.). Different embodiments may assign gatewaysto host machines differently respective to the clusters. For instance,some embodiments assign only one gateway per cluster for a particularlogical router, while other embodiments assign all gateways for alogical router to the same cluster. Yet other embodiments may assigngateways to several different clusters, but allow two or more gatewayswithin a single cluster.

Furthermore, in some embodiments, the gateway host machines may beassigned to different groups based on the functions for which thosegateway hosts are used. For example, within a physical managed network,some embodiments use a first group of gateway hosts for providinglogical services (e.g., DHCP, metadata proxy), a second group of gatewayhosts for L3 gateways that utilize BGP for route advertisement and forwhich each logical router port is assigned a single gateway, and a thirdgroup of gateway hosts for L3 gateways that do not utilize routeadvertisement and for which each logical router port is assigned tomultiple gateways. In this case of FIG. 5, the controller selectsgateway hosts from among the second group for each logical router port.Each group may span several clusters of gateway hosts, thereby allowingfor the process 500 to select (at 510) gateway host machines within thesecond group from several clusters (i.e., failure domains).

Some embodiments allow the administrator to specify the cluster to whichthe controller assigns each logical port of the logical router, and thecontroller handles selection of the actual gateway host within thatcluster. Thus, the administrator might specify to have two logical portsassigned to gateways in a first cluster, four in a second cluster, andtwo more in a third cluster. The controller then assigns each logicalport to a specific gateway host in its selected cluster. For thisassignment, some embodiments use a load balancing technique, such ascalculating a hash function of a property of the logical router or port(e.g., a UUID assigned by the controller) modulo the number of gatewayhosts in the cluster. This assigns the logical router ports to gatewayhosts within the cluster effectively at random (even though thealgorithm itself is deterministic), and therefore load balances the L3gateways across the gateway hosts over the long run.

Some other embodiments may use other techniques to load balance the L3gateways across the hosts in a cluster. For instance, rather than usingthe hash algorithm to choose between all gateway hosts in a cluster,some embodiments choose between only those gateways with the fewestnumber of logical routers currently operating, and modulo the result ofthe hash function by this smaller number of gateways. Other embodimentsanalyze the number of logical routers on each gateway and theoperational load of the gateways (e.g., based on number of packetsprocessed over a particular timeframe) in order to determine to whichgateway host a particular logical router should be assigned.

FIG. 6 conceptually illustrates five separate clusters 605-625 ofgateway hosts, and the logical router ports (referred to as uplinks)implemented on those gateway hosts. Specifically, the first cluster 605includes four gateways 606-609, the second cluster 610 includes fourgateways 611-614, the third cluster 615 includes three gateways 616-618,the fourth cluster 620 includes three gateways 621-623, and the fifthcluster 625 includes five gateways 626-630. This figure illustrates onlythe gateway hosts for each cluster that are capable of hosting L3gateways for ports that use BGP for route advertisement. In someembodiments, the clusters (i.e., failure domains) might includeadditional gateway hosts assigned to different functionalities, such ashosting logical services (e.g., DHCP, DHCP relay, etc.).

In this example, each of six different logical routers (LR1-LR6) havefrom three to five logical ports for connecting with the externalnetwork, spread throughout these clusters differently. For example, thelogical router LR1 has uplink ports implemented on gateways in the hosts606, 611, 613, and 627, located in four different clusters. The logicalrouter LR3 has uplink ports implemented on gateways in the hosts 608,609, 621, and 623, with two gateways in each of two of the differentclusters. The logical router LR4 has all three of its uplink portsimplemented on gateways in the same cluster 625, on hosts 627, 628, and629. Thus different configurations for implementing the uplink ports ofa logical router are possible, depending on the administrator decisionsand the needs of the logical networks.

No explicit load balancing is used in the illustrated example, with thegateways assigned to hosts using, e.g., explicit assignment by anadministrator or a hash function mod the number of gateways. thereforeboth the second cluster 610 and the fifth cluster 625 include gatewayhosts 613 and 630, respectively, with no gateways implemented (eventhough both of these clusters also include hosts with multiplegateways). In addition, not all of the clusters have the same number ofgateway hosts. This may be due to the clusters simply having differentnumbers of physical machines, some of the clusters having differentnumbers of gateway hosts assigned to different tasks, or some of theclusters having host machines offline due to connection or otherproblems. In some embodiments, when an application running on a gatewayidentifies a problem with the gateway host, the application notifies anetwork controller (e.g., the physical controller that manages thegateway host) of the issue so that the gateway host can be taken out ofuse until the issue is resolved.

Different embodiments handle failover of the L3 gateways implementingthe uplink ports differently. In some embodiments, when a gateway hostwith a L3 gateway implementing an uplink port fails, the network doesnot immediately replace the L3 gateway on a new host. Instead, thenetwork controller allows the incoming (and, in some embodiments,outgoing) packets to be distributed across the other uplink ports whosegateways are still active. On the other hand, some embodiments replacethe L3 gateway with a new implementation for the uplink port on adifferent gateway host (e.g., in the same cluster as the failed host).

Both the FIG. 6 and the above description illustrates using a singlegateway host to implement each uplink port. However, to guard againsthost failure, some embodiments select both an active and a standbygateway host for each of the uplink ports that connects to the externalnetwork. That is, one of the implementations for the logical router portin a first gateway host is active, with MFEs instructed to send packetsto it and with its BGP daemon advertising routes. The otherimplementation of the logical router port, in a second gateway, isconfigured in the same way but the MFEs do not send traffic to it andits BGP daemon does not advertise routes. If the first (active) gatewayhost fails, then the MFEs will begin sending traffic to the second(standby) host, and the network controller will let the second host knowto activate its BGP daemon. The failover for high-availability gatewaysis described in further detail in U.S. application Ser. No. 14/166,446,entitled “High Availability L3 Gateways for Logical Networks” and filedJan. 28, 2014, now issued as U.S. Pat. No. 9,503,371. U.S. applicationSer. No. 14/166,446 now issued as U.S. Pat. No. 9,503,371, isincorporated herein by reference.

Returning to FIG. 5, after selecting the gateway hosts for each of thelogical router ports connecting to the external network, the process 500generates (at 515) flow entries (or data tuples defining flow entries)for MFEs on host machines that send packets through the logical router(i.e., machines hosting VMs attached to logical switches that attach tothe logical router). These flow entries, among other functionalities,both (i) implement the distributed logical router and (ii) send packets,forwarded by the logical router to one of the logical ports connectingto the external network, to the selected gateway host machines throughtunnels. In addition, the flow entries generated for the VM hosts willalso include numerous other entries, such as those implementing thelogical forwarding for the logical switches, ingress and egress ACLs,etc.

To implement the logical router in the MFEs, some embodiments generatelogical forwarding entries that match packets based on destination IPaddress or address prefix (as well as over the logical pipeline for therouter itself), and identify a logical egress port of the logical routerbased on the IP address. To generate these flow entries, the networkcontroller of some embodiments first generates the routing table for thelogical router. In some embodiments, these routes include a defaultroute for sending packets to one of the ports that connects to theexternal network, as well as routes for sending packets to each attachedlogical switch based on the IP subnets associated with the logicalswitches. The routing tables are then embedded into flow entry datatuples (e.g., including a match over the logical router pipeline). Inaddition, the flow entries for the logical router perform MAC addressmodification on the packets (to modify the source MAC address to be thatof the logical egress port of the logical router, and the destinationMAC address to be the address matching the destination IP address). Thismay include flow entries for either performing ARP or sending packets toan ARP daemon that operates on the hosts as well. Beyond the actualrouting of the packet, the network controller generates flow entries forL3 ingress and egress ACL, in some embodiments, according to anypolicies defined for the logical router.

Different embodiments use different types of flow entries for choosingto which of the logical ports connecting to the external network apacket should be forwarded. Some embodiments send all outgoing packetsthrough a single one of the logical ports, but when the amount ofoutgoing traffic is large (e.g., for a webserver, a streaming videoapplication, etc.), the gateway on which this port is implemented canbecome a bottleneck. Other embodiments use an equal-cost multi-path(ECMP)-like technique to choose a logical egress port for packetsexiting the logical network. For instance, a flow entry of someembodiments lists the ports as a bundle and then provides a technique toidentify to which of the ports to send the packet for a given set ofpacket properties (e.g., a hash of packet properties modulo the numberof ports).

The process 500 also generates (at 520) flow entries for the MFEs on thegateway host machines. These flow entries, among other functions,forward packets to the container (e.g., namespace) implementing alogical router port on the gateway host, forward packets to the NIC thatconnects to an external router, and forward packets to the other MFEs atthe VM hosts through tunnels. For instance, outbound packets (i.e.,received from a VM host) are sent by the MFE to the namespace foradditional routing by the L3 gateway routing tables in some embodiments.After this routing, the namespace returns the packet to the MFE (as anew packet) with an external router identified as its destination andthe MFE sends this new packet to the outbound NIC. For incoming packets,the MFE first sends the packet to the namespace for routing by the L3gateway routing tables, then receives the packet back and performsfirst-hop routing to identify a logical egress port of the logicalrouter (typically the port to which one of the logical switchesattaches), identify a logical egress port of the logical switch(typically the port to which a VM attaches), and send the packet out atunnel to the appropriate MFE.

In addition to the flow entries (or data tuples defining the flowentries), the process generates (at 525) data tuples for the routingtable for handling ingressing (and, in some embodiments, egressing)packets at each of the L3 gateways implementing a logical port. In someembodiments, these data tuples are generated by a table mapping enginethat also generates the flow entries. However, other embodiments utilizea separate route processor to generate the routing entries. As indicatedabove, much of the routing table is implemented as flow entries sent tothe MFEs. However, the routing table of the L3 gateway handles packetsbeing routed to and received from the external network. Accordingly, therouting table (and additional aspects of the IP network stack which maybe implemented by the L3 gateway, such as a NAT table) is responsiblefor performing any necessary ARP (e.g., into the external networks),decrementing the packet TTL (i.e., as another hop for the packet), andfor outgoing packets selecting an external router to which the packetwill be sent.

These flow entries and/or data tuples generated at operations 515-525enable the L3 gateways and MFEs to handle the processing of datapackets. In addition, the process 500 generates data for the routingprotocol application (e.g., a BGP daemon) operating at each of the L3gateways. Thus, the process identifies (at 530) the addresses (and otherinformation) of the external network router(s) with which to peer foreach logical port (i.e., each L3 gateway) that connects to the externalnetwork. In some embodiments, the administrator inputs this data foreach logical port, and handles ensuring that the external routers arecorrectly connected to the gateway hosts (or, e.g., a top of rack switchto which the gateway hosts connect). In other embodiments, the networkcontroller automatically determines the set of external routers to whicheach of the gateway hosts is connected based on its stored network stateinformation, and uses these as the external network routers with whichto peer the L3 gateway.

Based on these identified external routers, as well as the calculatedroutes for the logical network, the process generates (at 535) datatuples to define the routing protocol for the L3 gateways on theselected host machines. As indicated above, in order to define the L3gateway container on a particular gateway host, some embodiments defineeach container as a separate data tuple that specifies the existence ofthe container and the processes running on the container, including BGPor another routing protocol application. This data tuple defines variousBGP options, such as the router ID, whether or not to advertise gracefulrestart capability, and a list of prefixes to advertise to all peers.This list of IP addresses and/or prefixes, in some embodiments, is basedon the user configuration of the logical network (e.g., the public IPsconfigured for the logical switches of the logical network). Inaddition, the controller generates a data tuple for each peer externalrouter (e.g., BGP neighbor) of each L3 gateway. These neighbor datatuples specify, in some embodiments, the address of the external router,a keep-alive timer that indicates the time between keep-alive packets,and the interface through which the BGP application in the gatewaycommunicates with the neighbor, among other information.

With the data generated, the process 500 distributes (at 540) thegenerated data tuples and/or flow entries to the various host machines.In some embodiments, the two types of data (flow entries and routingtable/routing protocol data tuples) are distributed via differentprotocols. Some embodiments distribute the flow entries to both the VMhosts and the gateway hosts via a first protocol such as OpenFlow, whiledistributing the routing protocol (e.g., BGP) information and therouting table to the gateway hosts via a second protocol such as OVSDB.The OVSDB protocol used in some embodiments also carries configurationinformation for the MFEs (for both the VM hosts and the gateway hosts).

The above FIG. 5 conceptually illustrates the process 500 as a singlelinear flow performed by the controller. However, one of ordinary skillin the art will recognize that the order in which the controllercalculates the various flow entries and/or data tuples need not followthat shown in the figure. For instance, the controller might generatethe flow entries for the gateway hosts before those for the MFEs, etc.Furthermore, some embodiments do not wait until all of the indicateddata is calculated in order to distribute the data, but might distributethe data incrementally. For instance, some embodiments distribute theforwarding data separate from the routing protocol data, orincrementally distribute the forwarding data to a specific host once allthe data for that host has been generated.

II. Gateway Host Architecture

The above section describes in detail the generation of logical routerand routing protocol data by a controller and the distribution of thatdata to the gateway host machines on which the containers (e.g.,namespaces) operating as L3 gateways reside. In some embodiments, thegateway host machines include various modules (e.g., running as userspace daemons or kernel modules) that are responsible for creating thecontainers, building routing tables in the containers, and processingpackets to and from the namespaces, based on the data tuples distributedby the network control system.

FIG. 7 conceptually illustrates a software architecture of someembodiments for a gateway host machine 700. The host machine 700 is ahost designated for hosting L3 gateway implementations, which mayoperate a routing protocol application, within namespaces. As shown, thehost 700 includes virtualization software 705 and two namespaces 710 and715. In some embodiments, the host includes a base Linux operatingsystem on which the namespaces 710 and 715 run as containers. In someembodiments, the gateway host machine 700 is a computer with a standardx86-based processor.

The virtualization software 705 includes a forwarding element daemon725, a database daemon 730, a namespace daemon 735, a high availabilitydaemon 720, and a forwarding element kernel module 740. In someembodiments, the forwarding element daemon 725, the database daemon 730,the namespace daemon 735, and the high availability daemon 720 operatein the user space of virtualization software 705, while the forwardingelement kernel module 740 operates in the kernel of the virtualizationsoftware 705. In some embodiments, the forwarding element used on thehost is Open vSwitch (OVS), and these modules are the OVS daemon, OVSDBdaemon, and OVS kernel module, in addition to the namespace daemon andthe high availability daemon. In some embodiments, the functionalitiesof the namespace daemon 735 and the high availability daemon 720 arecombined into a single user space application. This figure illustratesboth control path connections (shown as dashed lines) for provisioningthe managed forwarding element and the namespaces, as well as data pathconnections (shown as solid lines) for sending data packets (includingBGP packets). One of ordinary skill in the art will recognize that, inaddition to the modules shown, which relate to the virtual switch andhosted namespaces, the virtualization software of some embodimentsincludes additional modules for performing, e.g., virtualization of thehardware resources (e.g., processors, memory, etc.) of the host machine700.

The forwarding element daemon 725 is an application that communicateswith a physical network controller 795 in some embodiments in order toreceive instructions for processing and forwarding packets sent to andfrom the namespaces 710 and 715 (e.g., packets entering the managednetwork from an external network or leaving the managed network to anexternal network). Specifically, as described in the previous section,the forwarding element daemon 725 receives physical control plane flowentries from the physical controller 795. The forwarding element daemon,in some embodiments, communicates with the network controller throughthe OpenFlow protocol, though other embodiments may use differentcommunication protocols for transferring the forwarding data to the hostmachine. Additionally, in some embodiments the forwarding element daemon725 retrieves configuration information from the database daemon 730after the physical controller 795 transmits the configurationinformation to the database daemon.

The forwarding element daemon 725 of some embodiments includes a flowprotocol module 750 and a flow processor 755. The flow protocol module750 handles the communication with the network controller 795 in orderto receive physical control plane information (e.g., flow entries) forthe managed forwarding element. As mentioned, in some embodiments thiscommunication uses the OpenFlow protocol. When the flow protocol module750 receives this physical control plane information, it translates thereceived information into data understandable by the flow processor 755(e.g., physical forwarding plane information useable for processingpackets).

The flow processor 755 manages the rules for processing and forwarding(i.e., switching, routing) packets in some embodiments. For instance,the flow processor 755 stores rules (e.g., in a machine readable storagemedium, such as a disk drive) received from the flow protocol module750. In some embodiments, the rules are stored as a set of flow tables(forwarding tables) that each includes a set of flow entries. These flowentries, in some embodiments, include a match (i.e., a set of packetcharacteristics) and one or more actions (i.e., a set of actions to takeon packets that match the set of characteristics). In some embodiments,the flow processor 725 handles packets for which the managed bridge 760(described below) does not have a matching rule. In such cases, the flowprocessor 755 matches the packets against its stored rules. When apacket matches a rule, the flow processor 725 sends the matched rule andthe packet to the managed bridge 760 for the managed bridge to process.This way, when the managed bridge 760 subsequently receives a similarpacket that matches the generated rule, the packet will be matchedagainst the generated exact match rule in the managed bridge and theflow processor 755 will not have to process the packet.

In some embodiments, the database daemon 730 is an application that alsocommunicates with the physical controller 795 in order to configure themanaged forwarding element (e.g., the forwarding element daemon 725and/or the forwarding element kernel module 740). For instance, thedatabase daemon 730 receives configuration information from the physicalcontroller and stores the configuration information in a set of databasetables 745. This configuration information may include tunnelinformation for creating tunnels to other managed forwarding elements,port information, etc. In some embodiments, the database daemon 730communicates with the network controller 795 through a databasecommunication protocol (e.g., OVSDB). In some cases, the database daemon730 may receive requests for configuration information from theforwarding element daemon 725. The database daemon 730, in these cases,retrieves the requested configuration information (e.g., from its set ofdatabase tables 745) and sends the configuration information to theforwarding element daemon 725.

In addition to the forwarding element configuration (tunnel and portinformation, etc.), the database daemon 730 of some embodimentsadditionally receives BGP configuration information that defines theconfiguration for the BGP daemons operating in the namespaces 710 and715. This information includes information about the routes the BGPdaemon advertises to its peers, as well as information identifying thosepeers. The database daemon 730 may receive this BGP configurationinformation along with the forwarding element configuration information,or in separate transactions with the controller 795.

As shown, the database daemon 730 includes a configuration retriever 765and a set of database tables 745 (which may be stored, e.g., on a harddrive, volatile memory, or other storage of the host 700). Theconfiguration retriever 765 is responsible for communications with thephysical controller 795. In some embodiments, the configurationretriever receives the configuration information for the managedforwarding element from the controller. In addition, the configurationretriever in some embodiments receives the data tuples for configuringthe namespaces 710 and 715, and any routing tables, NAT tables, BGPdaemon, or other services provided by the namespaces. The configurationretriever 765 also converts these data tuples into database tablerecords to store in the database tables 745 in some embodiments.

Specifically, the database tables 745 of some embodiments include acontainer table, with each record in the database defining a differentnamespace (or other container) on the host machine. Thus, for the host700, the container table would include a row for each of the twonamespaces 710 and 715. In addition, for each namespace, the databasetables store information defining the routing table (e.g., a defaultroute, any additional routes defined for the connected logical switches,and any user-defined static routes). If the router performs NAT, thenthe database also stores the NAT rules (source NAT and/or destinationNAT) for the logical router). Furthermore, for each namespace, thedatabase stores a list of the logical router ports, with IP address, MACaddress, netmask, etc. for each port.

For the namespaces 710 and 715, with active BGP daemons, the databasetable record indicates that BGP is enabled. Furthermore, in someembodiments, these records contain an additional column specifying theBGP properties of the L3 gateway as a peering router. These propertiesmay include a local autonomous system number (which, in differentembodiments, identifies either the logical network to which the L3gateway belongs or the managed network as a whole), a router identifier(e.g., an IP address), whether or not to advertise graceful restart(used for failover purposes—in some embodiments, namespaces that are theonly L3 gateway implementing a port do not advertise graceful restart),and a set of addresses/prefixes advertised by the BGP daemon.

Furthermore, some embodiments define a database table record (e.g., in adifferent database table) for each external physical router that the L3gateway peers with via the BGP daemon (i.e., each BGP neighbor). Theserecords, in some embodiments, specify some or all of the IP address ofthe neighbor router, the autonomous system number for the router, akeep-alive timer (i.e., the duration between keep-alive messages sent tothe neighbor in order to keep a BGP session alive), an optional passwordused for MD5 authentication, a hold-down timer duration (i.e., theduration after which, if no keep-alive messages are received, the BGPdaemon assumes that the neighbor has gone down), and an interfacethrough which communication with the BGP neighbor is sent.

The forwarding element kernel module 740 processes and forwards networkdata (e.g., packets) between the namespaces running on the host 700,network hosts external to the host 700, and forwarding elementsoperating on other hosts in the managed network (e.g., for network datapackets received through the NIC(s) 770 or from the namespaces 710 and715). In some embodiments, the forwarding element kernel module 740implements the forwarding tables of the physical control plane for oneor more logical networks (specifically, the logical networks to whichthe namespaces 710 and 715 belong). To facilitate the processing ofnetwork data, the forwarding element kernel module 740 communicates withforwarding element daemon 725 (e.g., to receive flow entries from theflow processor 755).

FIG. 7 illustrates that the forwarding element kernel module 740includes a managed bridge 760. In addition, in some embodiments, thevirtual switch kernel module may include additional bridges, such asphysical interface (PIF) bridges. Some embodiments include a PIF bridgefor each of the NICs 770 in the host machine's hardware. In this case,in some embodiments a PIF bridge is located between the managed bridge760 and each of the NICs 770.

The managed bridge 760 of some embodiments performs the actualprocessing and forwarding of the packets between the namespaces 710 and715 and the VMs and other hosts (including external hosts) that sendtraffic to and receive traffic from the namespaces. Packets are receivedat the managed bridge 760, e.g., from the MFEs at the VM hosts throughtunnel ports, or from the external routers via their connection to theNICS, such that packets arriving over different tunnels or externalrouter connections are received at different interfaces of the bridge760. For packets received from other MFEs (e.g., at the VM hosts), themanaged bridge 760 sends the packets to the appropriate namespacethrough its interface(s) with the namespace based on a destinationlogical port appended to the packet (or other information, such as adestination MAC or IP address).

For packets received from an external router, the managed bridge 760 ofsome embodiments sends the packets to the appropriate namespace basedon, e.g., a destination MAC and/or IP address of the packet. When anexternal router routes a packet to the namespace, the router performsMAC address replacement using previously-discovered ARP information. Insome embodiments, the external router has a MAC address of the namespaceassociated with various IP addresses behind that namespace, andtherefore uses the namespace MAC address as the destination address forpackets directed to that gateway. In some embodiments, the managedbridge uses this information to direct these packets to the appropriatenamespace, as packets entering the logical network do not yet havelogical context information appended.

Similarly, the managed bridge receives packets from the namespaces 710and 715, and processes and forwards these packets based on the interfacethrough which the packets are received and the source and/or destinationaddresses of the packets. In some embodiments, to process the packets,the managed bridge 760 stores a subset of the rules stored in the flowprocessor 755 (and/or rules derived from rules stored in the flowprocessor 755) that are in current or recent use for processing thepackets. The managed bridge 760, in this figure, includes two interfacesto each of the namespaces 710 and 715. In some embodiments, the managedbridge includes a separate interface for each logical port of thelogical router. Thus, the managed bridge may send a packet to thenamespace through one of its interfaces, and after routing by thenamespace routing table, the managed bridge receives the packet backthrough a different interface. On the other hand, because the namespaceonly implements one of the logical router ports, some embodiments onlyhave a single interface between the namespace and the managed bridge.

Although FIG. 7 illustrates one managed bridge, the forwarding elementkernel module 740 may include multiple managed bridges. For instance, insome embodiments, the forwarding element kernel module 740 includes aseparate bridge for each logical network that is implemented within thehost machine 700, or for each namespace residing in the host (which willoften be the same as each logical network). As such, in this example,the forwarding element kernel module 740 would include two managedbridges, with separate interfaces to the namespaces 710.

Each of the namespaces 710 and 715 implements a different L3 gateway(i.e., implements a different port of a logical router). In someembodiments, all of the namespaces on a particular gateway host machineare of the same type (i.e., implementing a single logical router portusing a router peering protocol such as BGP). On the other hand, someembodiments also allow namespaces that are one of several toequivalently implement an entire routing table for a logical router oract as gateways for a logical router that has a single logical portattachment to the external network. Furthermore, some embodiments alsoallow namespaces to provide logical services other than routing, such asDHCP, DHCP relay, metadata proxy, etc.

As indicated in this figure, different namespaces implementing differentL3 gateways (e.g., different logical ports) for different logicalnetworks (or, in some cases, for the same logical router or differentlogical routers within the same logical network) may reside on the samehost 700 in some embodiments. In this case, both of the namespaces 710and 715 run a BGP daemon and a routing table.

In some embodiments, the namespace may provide multiple services. Inthis case, the first namespace 710 includes a routing table 775, a BGPdaemon 780, and other services 782. These other services running on thenamespace 710 might provide ARP functionality, a network addresstranslation (NAT) table, or other features associated with a router. Thesecond namespace 715 also includes a routing table 790 and a BGP daemon792, along with other services 794. Some embodiments use the same set ofservices for all of the L3 gateways that implement ports and use routerpeering protocols, while other embodiments allow the user to configurethe network stack or other services provided. In addition, someembodiments restrict the use of stateful services, such as NAT, forimplementations in which multiple gateways are active for a logicalrouter at the same time. That is, the network control system preventsthe L3 gateways from utilizing those service that require the variousgateways for a logical router to share state information.

The namespace daemon 735 of some embodiments manages the namespaces 710and 715 residing on the host 700 and the services running in thosenamespaces (e.g., logical router and L3 gateway service). As shown, thenamespace daemon 735 includes a database monitor 785 and a BGPconfiguration generator 799. In addition, some embodiments includeconfiguration generators or similar modules for other services (e.g., aNAT table generator, a routing table generator, configuration generatorsfor DHCP and other services that may be provided in the namespaces,etc.).

The database monitor 785 listens on the database tables 745 for changesto specific tables that affect the namespaces implementing logicalrouters. These changes may include the creation of a new namespace,removal of a namespace, adding or removing a BGP neighbor, modifying theBGP configuration or routing table within a namespace, attaching newlogical switches to a logical router, etc. When the database monitor 785detects a change that affects the namespaces, it either causes thenamespace daemon to create a new namespace on the host for a new logicalrouter, instantiate a new process in an existing namespace (e.g., for anewly enabled service), or generate/modify the routing table or otherconfiguration data for a namespace.

When the database monitor 785 detects new BGP configuration data (eithera new namespace with a BGP configuration, a modification to an existingBGP configuration, modifications to the set of neighbors for aparticular BGP daemon, etc.), the database monitor 785 provides thisdata to the BGP configuration generator 799 (or instructs the BGPconfiguration generator 799 to retrieve the new data from the databasetables 745). The BGP configuration generator uses the data tuples storedin the database tables 745 to build a configuration file for the BGPdaemon in the format required by the daemon. In some embodiments, thenamespace daemon 785 stores the generated configuration in the host filesystem 783 In some embodiments, the BGP daemon 780 and 792 is a standardapplication available for Linux or a different operating system.

The high availability daemon 720 monitors the health of the gateway host700 and/or the namespaces 710 and 715 operating on the host 700. Thisdaemon is responsible for reporting to the controller 795 when thegateway host 700 is no longer healthy and should be taken out of use,thereby allowing the controller to assign the namespaces operating onthe host to new gateway hosts, modify flow entries used for tunnelencapsulation at the VM hosts that send packets to the L3 gatewaysimplemented on the gateway host 700, etc.

The high availability daemon 720 includes a monitor 793 and a healthstatus modifier 797 in some embodiments. The monitor 793 of someembodiments monitors various aspects of the gateway host machine 700 todetermine whether the machine should remain in use or be taken out ofuse for hosting L3 gateways (as well as other services for logicalnetworks). The monitor 793 may monitor the underlying hardware resources(e.g., processors, memory, etc.) to ensure that these resources arefunctioning well enough to provide the logical routing services atnecessary speeds. In addition, the monitor 793 ensures that connectionsto the other host machines (e.g., the VM hosts that send traffic to thegateway host) are functioning properly. Some embodiments monitor theconnections by monitoring the physical NICs, and monitoring whetherpackets are received from these hosts. In addition, the monitor 793 ofsome embodiments monitors the software operating on the host. Forinstance, the monitor checks on the other modules of the virtualizationsoftware 705 and the namespaces 710 and 715 to ensure that they have notcrashed or otherwise failed. In addition, in some embodiments the highavailability daemon 720 uses Bidirectional Forwarding Detection (BFD) tomonitor upstream routers (e.g., routers external to the managed network)directly.

When the monitor 793 determines that the gateway host 700 should betaken out of use for any reason, the high availability daemon 720notifies the physical controller 795 that manages the gateway hostmachine 700. To notify the controller, in some embodiments the healthstatus modifier 797 modifies the database tables 745 with informationthat the database daemon 765 (e.g., via the configuration retriever 765)propagates up to the controller 795. In some embodiments, the healthstatus modifier 797 modifies a table that includes a health variable forthe gateway host 700 to indicate that the gateway should be inactive. Insome embodiments, the health status modifier 797 modifies a row in thetables 745 created for each namespace to indicate that the namespaceshould be considered inactive. When a single namespace crashes, thehealth status modifier 797 only modifies the data for the crashednamespace.

The configuration retriever 765, in some embodiments, detects that thedatabase tables 745 have been modified and sends updated data tuples tothe physical controller 795. When the controller 795 receives such anindication, the controller identifies the logical controllers withaffected logical routers, enabling these controllers to (i) assign thelogical ports for implementation on new gateway hosts, and (ii) generatenew flow entries for the MFE hosts that send packets to the L3 gateways.

III. Configuration of Routing Protocol Application

As indicated in the previous section, in some embodiments an application(e.g., a user space daemon) or set of applications operating on thegateway host machine is responsible for receiving a L3 gatewayconfiguration and installing that configuration in a namespace or othercontainer on the gateway host. The L3 gateway configuration may includea routing table, a routing protocol configuration, as well as otherdata. The application, among other functions, retrieves information froma set of database tables stored on the host and uses that information toset up the L3 gateway, with its various functionalities, in a namespaceon the host. This setup includes the generation of a configuration filethat specifies various BGP parameters and BGP neighbors for the BGPdaemon, in some embodiments.

FIG. 8 conceptually illustrates a process 800 of some embodiments forsetting up or modifying a L3 gateway on a gateway host machine. In someembodiments, the process 800 is performed by a user space daemon in thevirtualization software running on the gateway host, such as thenamespace daemon 785. As shown, the process 800 begins by receiving (at805) a modification to database tables that define L3 gatewaysimplementing a logical router port with BGP to run on the host machine.In some embodiments, the application responsible for creating the L3gateway on the host and generating the BGP configuration file listens ona set of database tables that are populated by controller data. When anew row is added to the table defining the namespaces on the host, or anexisting row is modified, the application detects this change andretrieves the data. When the change relates to either the creation of anamespace with a BGP daemon or the modification of the BGP configurationfor an existing namespace, the BGP configuration generator is called inorder to create or modify the configuration file for the new/affectedBGP daemon.

Upon receiving the database tables, the process 800 determines (at 810)whether the container for the affected L3 gateway is already operatingon the host machine. That is, the process determines whether themodification to the database tables is for adding a new gateway ormodifying an existing gateway. In some embodiments, the database tableson the gateway host first receive a data tuple simply defining a newcontainer, and then subsequently receive the configuration information,in which case the routing table and/or BGP configuration data will betreated as a modification to an existing namespace.

When the container is not yet operating on the host machine, the processcreates (at 815) a container for a new L3 gateway on the host machine.In some embodiments, a user space application operating in thevirtualization software of the gateway host machine (e.g., a namespacedaemon) is responsible for creating and removing containers for L3gateways on the host. As mentioned, in some embodiments this containeris a virtualized container such as a namespace or a virtual machine thatoperates on top of the base operating system. Some embodiments use aLinux namespace, as this uses less operational resources than a typicalvirtual machine, and is adequate for the operations performed by the L3gateway (e.g., IP stack including routing, BGP daemon). In someembodiments, each gateway host machine runs numerous (e.g., dozens) ofnamespaces operating L3 gateways for numerous different logical routersof numerous different logical networks.

Next, the process 800 determines (at 820) whether a routing table hasyet been defined for the affected L3 gateway according to theconfiguration in the database tables. For example, if the databasetables only define a new L3 gateway without providing any informationabout the configuration of the namespace for the L3 gateway, then thenamespace daemon will create a new namespace on the host, but notconfigure the namespace at all. Furthermore, if the database tables onlyinclude modifications to other aspects of the namespace, such as the BGPconfiguration, then the namespace daemon will not modify the routingtable of the particular L3 gateway. However, in some embodiments, thenamespace daemon ensures that any routes advertised by the BGP daemonare also in the routing table of the L3 gateway. As such, if newprefixes are added to the list of those to advertise in the BGPconfiguration, then the namespace daemon adds these to the routing tableif not already present.

However, when the routing table currently installed in the containerdoes not match the routing table definition in the database tables(either because there is no routing table yet defined or because therouting table definition has been modified), the process generates ormodifies (at 825) the routing table for the L3 gateway, and installs (at830) the routing table in the container. In some embodiments, this isactually one operation, as the namespace daemon directly modifies the IPstack in the namespace. In other embodiments, the namespace daemongenerates a routing table or IP stack and then installs this in thecontainer as a separate action.

Next, the process 800 determines (at 835) whether the BGP daemon hasbeen started in the container for the L3 gateway. For example, if thecontainer was previously created without a configuration, or if thecontainer was just created during the process 800 (i.e., if the databasetables defined a new container with a BGP configuration), then thedaemon would not have yet been started in the container. On the otherhand, if the modification to the database tables was just an update tothe routing table or the BGP configuration (e.g., adding routes for anew logical switch, adding or removing a BGP neighbor, etc.), then theBGP daemon would already be in operation in the container for the L3gateway.

When the BGP daemon has not yet been started, the process starts (at840) a BGP daemon in the container. In some embodiments, the namespacedaemon sends an instruction to the namespace implementing the L3 gatewayto start up a BGP daemon. In order for the namespace to actually run aninstance of the BGP daemon, in some embodiments the software is alreadyinstalled on the namespace by default. In other embodiments, either thenamespace retrieves the daemon (e.g., from a storage on the gatewayhost) or the namespace daemon retrieves the daemon and installs it onthe namespace.

With the BGP daemon started, the process determines (at 845) whether theconfiguration of the BGP daemon matches that defined in the receiveddatabase tables for the L3 gateway. If the BGP daemon was just started(at operation 840), then the daemon will not yet have a configuration,and therefore clearly will not match that defined in the databasetables. In addition, the database table modifications might add orremove routes to advertise, add or remove BGP neighbors, or modify thedata for a BGP neighbor. However, if the database table modificationsonly affect the routing table, then no BGP configuration modificationswill be required.

When the operating configuration does not match that defined by thedatabase tables, the process generates (at 850) a configuration filefrom the database tables and stores the file in the file system of thehost machine. In some embodiments, within a specific directory of thefile system, each of the gateways operating on the machine is assigned asub-directory for, e.g., the BGP configuration file, as well as storagefor other data (e.g., a DHCP configuration file, etc.). In order togenerate the configuration file, in some embodiments the namespacedaemon uses the data tuples from the database table records andtransforms them into a specific format readable by the BGP daemon. Forinstance, in some embodiments the configuration file is a textfile. Inother embodiments, the namespace daemon first generates an intermediateconfiguration file (e.g., a text file), then converts this into a binarysnapshot readable by the BGP daemon, and stores both of these files inthe directory for the BGP daemon instance in the namespace. Theconfiguration file, in some embodiments, defines (i) the autonomoussystem and identification information for the BGP daemon as a router,(ii) a set of routes for the BGP daemon to advertise, and (iii)information about the external router peers of the BGP daemon.

Once the configuration file has been generated, the process 800 notifies(at 805) the BGP daemon to read the configuration file in order for itsconfiguration to match that defined in the database tables. In someembodiments, the notification takes place via a TCP connection withinthe gateway host between the namespace daemon and the BGP daemon. TheBGP daemon, in some embodiments, reads the binary configuration file,calculates changes from its current operating configuration, and appliesthese changes.

IV. BGP Operation in Gateway

Once the BGP daemon has been instantiated, and its configuration fileloaded, the L3 gateway can participate in route exchange as a peer ofthe external routers. FIG. 9 conceptually illustrates a process 900 ofsome embodiments performed by the routing protocol application (e.g.,BGP daemon) of some embodiments in order to advertise routes to externalrouters for an L3 gateway. The process 900 represents a processperformed by the BGP daemon upon initial startup. One of ordinary skillin the art will recognize that in many cases the operations will not beperformed in the linear fashion shown in this figure. For example,communication with different external routers may require differentlengths of setup time, and the BGP daemon treats each peer-to-peerconnection as a separate process in some embodiments.

As shown, the process 900 begins by receiving (at 905) a BGPconfiguration. As described in the previous section, in some embodimentsa user space application in the virtualization software of the host(e.g., the namespace daemon) generates a BGP configuration file, storesthe configuration file in a directory of the host file system for thenamespace, and then notifies the BGP daemon of the configuration file.At this point, the BGP daemon can retrieve the BGP configuration fromthe directory.

Next, the process 900 installs (at 910) the configuration. In someembodiments, the BGP daemon reads the retrieved binary file, determinesthe differences between its current operating configuration and theconfiguration specified in the binary file, and applies these changes tothe existing configuration such that the new operating configurationmatches that in the configuration file. If this is the initial setup forthe BGP daemon, then the operating configuration will have no data.However, if the change is limited to adding or removing a route toadvertise, or adding, removing, or modifying information about aneighbor physical router, then the BGP daemon only modifies itsconfiguration to effect the changes, rather than reloading the entireconfiguration.

With the configuration installed, the process identifies (at 915) theBGP neighbors (i.e., peer physical routers) with which to set up aconnection in order to advertise routes. This may be a single physicalrouter (e.g., as shown in FIG. 15 below) or several physical routers towhich the gateway (using the BGP daemon) advertises the same routes(e.g., as in FIG. 10 below). In some embodiments, the physicalconnections between the gateway host machines on which the L3 gatewaysoperate and the external physical routers are set up manually andidentified to the network controller by the administrator when thenetwork is configured, whereas in other embodiments the networkcontroller identifies the routers to which each gateway is connectedautomatically without this information being input by a user.

In some embodiments, the BGP daemon identifies, for each physicalrouter, the IP address of the router, the autonomous system number towhich the router belongs, the keep-alive timer for a BGP session withthe router, a hold-down time that specifies a duration after which theBGP daemon should assume the router has gone down if no keep-alivemessages have been received, and optionally a password forauthentication. Different physical routers with which a single BGPdaemon establishes connections may use different BGP settings (e.g.,different keep-alive or hold-down timers) and belong to differentautonomous systems.

Next, the process opens (at 920), or attempts to open, a BGP sessionwith each of the identified BGP neighbors. In some embodiments, the BGPdaemon operates as the standard BGP state machine for each connection.That is, the daemon essentially instantiates a separate state machinefor each BGP connection with a different physical router. The daemon,for each connection, attempts to transition to the Established state inorder to be able to exchange route updates with the physical router.That is, the BGP daemon attempts to initiate a TCP connection with thepeer, send an Open message and receive an Open message in return, andsend and receive keep-alive messages in order to transition from theConnect state to the OpenSent state to the OpenConfirm state and finallyto the Established state. When a connection with a peer router is in theEstablished state, the BGP daemon and the peer router can exchange routeinformation.

However, for various reasons, the BGP daemon might be unable to open asession (also referred to as establishing adjacency) with one or more ofits identified neighbors. For instance, if the autonomous system numberprovided in the configuration file for a particular peer router does notmatch the actual autonomous system number configured on the peer router,then adjacency will not be established. The process 900 assumes thatadjacency is established for each BGP neighbor—if the daemon fails toopen a session with a particular router, then it continues attempting insome embodiments (e.g., attempting to establish a TCP session,attempting to send and receive Open messages, etc.).

The process also identifies (at 925) the routes to advertise to itspeers with which a BGP session has been established, based on theconfiguration file. In some embodiments, the BGP daemon advertises thesame addresses and prefixes to each of the routers with which it peers.These may be single IP addresses (e.g., 10.1.1.1) or CIDR prefixes(e.g., 10.1.1/24) that represent ranges of IP addresses. In someembodiments, the BGP daemon advertises all routes in CIDR slash-notation(e.g., using /32 to denote a single IP address).

Using the identified prefixes and addresses, the process generates (at930) packets for each identified neighbor with which an adjacency hasbeen established. In some embodiments, these packets are standard BGPUpdate packets that identify the known reachable prefixes and the listof autonomous systems through which a packet will have to pass to reacheach prefix. For routes to logical switches, the BGP packet advertisesthe subnet (e.g., 10.1.1/24) and only a single autonomous system number(that to which the L3 gateway belongs), as packets will not have to besent to any other autonomous systems once reaching the L3 gateway inorder to reach the VM hosts.

Each time a packet is generated, the process sends (at 935) thegenerated packet out of the namespace to the local MFE in order for theMFE to send the packet out over the external network to the destinationphysical router neighbor. If the BGP daemon establishes adjacencies withthree different physical routers, then the daemon will send the same BGPUpdate packet to three different destinations via the MFE. Furthermore,several different namespaces might be running BGP daemon instances onthe same host for different logical routers, in which case the samerouter might receive several different Update packets advertisingcompletely different routes.

FIGS. 10-14 conceptually illustrate an example of the use of BGP in a L3gateway to advertise routes to a set of three external routers for alogical network. FIG. 10 illustrates both the logical network 1000 andthe physical implementation of that logical network in a managed network1025. As shown in the top half of the figure, the logical network 1000is configured similarly to the logical network 100 of FIG. 1, with asingle logical router 1015 connecting two logical switches 1005 and1010. The first logical switch 1005 includes IP addresses in the subnet10.0.0/24 (sometimes written as 10.0.0.0/24), and the second logicalswitch 1510 includes IP addresses in the subnet 10.0.1/24 (sometimeswritten as 10.0.1.0/24). In addition, the logical router 1015 includesthree ports that connect to an external network 1020, for which routeadvertisement (e.g., using BGP) is activated.

The bottom portion of FIG. 10 illustrates the physical implementation ofthe logical network 1000. Within the managed network, a set of VM hostmachines 1030 hosts the VMs attached to the logical switches 1005 and1010. These VM hosts 1030 may each host a single VM from the logicalnetwork, and some might host multiple VMs, either from the same logicalswitch or different logical switches. The forwarding tables of the MFEson the VM hosts each implement both of the logical switches 1005 and1010 as well as the logical router 1015. In addition, in someembodiments, these VM hosts 1030 may host VMs from other logicalnetworks, and the forwarding tables of the MFEs would then implementthese other logical networks as well. Furthermore, the managed network1025 of some embodiments includes additional VM hosts that host VMs forother logical networks but upon which none of the VMs for logicalnetwork 1000 reside.

In addition, the managed network 1025 includes three gateway hosts1035-1045. Each of these gateway hosts 1035-1045 hosts a namespace thatimplements one of the three logical router ports that faces the externalnetwork 1020. Specifically, the first gateway host 1035 hosts a firstnamespace 1050 implementing a first logical router port, the secondgateway host 1040 hosts a second namespace 1055 implementing a secondlogical router port, and the third gateway host 1045 hosts a thirdnamespace 1060 implementing a third logical router port. Each of thesenamespaces 1050-1060 operates a BGP daemon or other routing protocolapplication for exchanging routing information with the attachedexternal network routers. A MFE also operates on each of the gatewayhosts 1035-1045. In some embodiments, the MFEs each implement thelogical switches 1005 and 1010 as well as the logical router 1015. Whileoutgoing packets from the VMs will have already been processed throughmost of the logical network, these MFEs act as first-hop MFEs forincoming packets, and process these incoming packets through the logicalnetwork in some embodiments. As the gateway hosts may implement othernamespaces for other logical networks, these MFEs may implement otherlogical networks as well.

In this example, three external network routers 1065-1075 connect to thenamespaces 1050-1060 through the MFEs on the gateway hosts. The firstrouter 1065 connects to only the namespace 1050 on host 1035, the secondrouter 1070 connects to all three of the namespaces 1050-1060, and thethird router 1075 connects to the namespace 1060 on host 1045. Theserouters may provide connections through to the Internet, other networks,etc.

FIG. 11 conceptually illustrates the provisioning of the BGP daemons inthe three namespaces 1050-1060 on the gateway hosts 1035-1045 by acontroller cluster 1100 that operates to control the managed network1025. The controller cluster 1100, in different embodiments, may be asingle controller, a pair or group of controllers operating in amaster-standby(s) configuration, or a hierarchy of controllers such asthose shown in FIG. 3. As shown, the controller cluster 1100, based onconfiguration information entered to define the logical network 1000,transmits BGP configuration data to the three gateway hosts 1035-1045 inorder to provision the BGP daemons operating in the namespaces on thosehosts. Among other information, the BGP configuration data includes theprefixes to advertise (which are the same for each of the gateways) andthe list of BGP neighbors (peer routers).

In this example, the controller cluster sends data 1105 to the firstgateway host 1035 indicating the prefixes 10.0.0/24 and 10.0.1/24 andtwo BGP neighbors 15.1.1.1 and 16.1.1.1 (the IP addresses for the tworouters with which this gateway interfaces). The controller clustersends data 1110 to the second gateway host 1040 indicating the same twoprefixes and only one BGP neighbor 16.1.1.1. Lastly, the controllercluster sends data 1115 to the third gateway host 1045 indicating thesame two prefixes and two BGP neighbors 16.1.1.1 and 17.1.1.1. In someembodiments, the controller cluster transmits this data in the sameformat as other non-flow entry configuration data for the gateway (e.g.,as data tuples transmitted using the OVSDB protocol). The BGPconfiguration data sent from the controller may also include other datasuch as the autonomous system number (which will be the same across thegateways), router identification info for the gateways, and additionalinformation about the peer routers (e.g., the autonomous system numbersof the peers).

After receiving the configuration data from the controller cluster 1100,applications (e.g., daemons running in the virtualization software) oneach of the gateway hosts 1035-1045 configure the BGP daemons operatingon their respective namespaces (e.g., by generating a configuration filefor the BGP daemon). The BGP daemons then begin operations, and attemptto set up connections with their identified peer external routers. Forexample, the BGP daemon in the namespace 1050 establishes two separateTCP connections with the routers 1065 and 1070, then further establishesBGP sessions with these routers by sending BGP Open and keep-alivemessages. If such messages are also received from these routers, thenthe BGP daemon can send out Update packets to the peer routers.

FIG. 12 conceptually illustrates the BGP Update packets sent by BGPdaemons in the namespaces 1050-1060 according to some embodiments. Thesepackets, in some embodiments, identify themselves as BGP Update packets(i.e., in the BGP header), identify the source router, and identifyreachability information for various prefixes. This reachabilityinformation, in some embodiments, identifies (i) a prefix in CIDR formatand (ii) an ordered set of autonomous systems through which packets willpass in order to reach an IP address in the subnet defined by the prefixif sent to the source of the Update packet. For instance, in a typicalphysical network, a router might identify a prefix 192.10.10.0/24 thatis reachable through autonomous systems 15, 8, 6 (with the sendingrouter located in autonomous system 15).

In most cases of L3 gateways for a logical network, all of the routes toVMs attached to the logical switches will only have a single autonomoussystem in their reachability information, that to which the gatewaybelongs. In general, either each logical network is a single autonomoussystem, or the managed network as a whole is a single autonomous system.In some cases, however, the advertised routes could have more than oneautonomous system (e.g., if the managed network is divided into multipleautonomous systems through which packets pass in order to reach thelogical switches).

As shown, the namespace 1050 sends two Update packets 1205 and 1210 tothe routers 1065 and 1070 respectively. The namespace 1050 sends each ofthese packets through its local MFE, which includes bridges to theNIC(s) of the gateway host 1035. Each of these packets is the same(except for the destination router information), indicating the twoprefixes 10.0.0/24 and 10.0.1/24 and the sending namespace information.The namespace 1055 sends a single packet 1215 to the router 1070,indicating the same prefix reachability data but with differentself-identification information. Finally, the third namespace 1060 sendstwo packets 1220 and 1225 to routers 1070 and 1075, also identifying thesame two prefixes with equivalent reachability information, with its ownself-identification information.

As a result of receiving these Update packets, the external routers1065-1075 update their own routing tables. In some embodiments, therouters add the learned routes to their Routing Information Base (RIB),and then recompute routes to the identified destinations to use in theForwarding Information Base (FIB). In some embodiments, the RIB includesall routes that the router has learned (via connection, manual input ofroutes, or dynamic routing protocols such as BGP), while the FIBincludes the routes that the router will actually use to forwardpackets.

The routers 1065 and 1075 only have a single way to reach the prefixes10.0.0/24 and 10.0.1/24—through L3 gateways on the hosts 1035 and 1045respectively. However, the router 1070 receives route advertisement fromthe namespaces on all three gateway hosts 1035-1045, each indicatingthemselves as possible next hops to reach these prefixes. In general,when confronted with multiple routes in the RIB to reach a particulardestination IP address or range of addresses, one of the physicalrouters determines which of the routes is optimal (e.g., based on thenumber of autonomous systems traversed, or other data) and selects themost optimal route to use in the FIB. In this case, though, the threepossible routes presented to the router 1070 for 10.0.0/24 areequivalent. In some embodiments, the router 1070 simply chooses one ofthese routes for its FIB. If the router 1070 is capable of equal-costmulti-path (ECMP) forwarding, however, then the router adds all three ofthe routes (i.e., to the namespaces 1050-1060) to its FIB as equal-costoptions. This enables the spreading of traffic across the threegateways, preventing any of them from becoming a single bottleneck forincoming traffic.

FIGS. 13 and 14 conceptually illustrate the path taken by trafficingressing into the managed network 1025. First, FIG. 13 illustrates thepath taken by a packet 1300 sent from an external source to a VM in themanaged network with a destination IP address of 10.0.1.1. In thisfigure, the path taken by the packet 1300 is shown as the thick dashedline. The packet arrives at the external router 1065, which consults itsforwarding information base. Based on the Update packet 1205 received bythe router 1065, its FIB indicates that packets with destination IPaddresses in the range 10.0.1/24 should be sent to the namespace 1050.Accordingly, the external router 1065 forwards the packet to the gatewayhost 1035.

The packet arrives at the MFE on the gateway host 1035, which forwardsthe packet to the namespace 1050 which serves as a gateway for theparticular logical network. In some embodiments, the external router1065 would have previously sent an ARP request to the gateway host 1050requesting a MAC address for 10.0.1.1, and the namespace 1050 would haveresponded with its MAC address. As such, the packet 1300 is addressed tothe MAC address of the namespace 1050, which enables the MFE to forwardthe packet to this destination.

The namespace 1050 receives the packet, processes it through its IPnetwork stack (including its routing table), and returns the packet tothe MFE through a different interface with the MFE. In some embodiments,the processing pipeline in the namespace may include some or all ofnetwork address translation, firewall processing, and routing. Someembodiments, however, do not allow stateful services such as networkaddress translation to be performed on the gateways for distributedlogical routers with multiple gateways, due to the difficulty of statesharing. The routing performed by the namespace, in some embodiments,maps the destination IP address to a destination MAC address of thelogical router port to which the gateway attaches, in some embodiments.In other embodiments, the routing maps the destination IP address to thedestination MAC address of the VM or other entity to which the packet isbeing sent. When the MFE receives the packet through a differentinterface, this enables the MFE to treat the packet as entering thelogical router, at which point the MFE can perform logical processing toidentify the logical egress port of a logical switch for the packet, andsend the packet to the appropriate one of the VM hosts 1030.

FIG. 14 illustrates two packets 1405 and 1410 sent from the externalnetwork to VMs with IP addresses 10.0.1.1 and 10.0.1.3, respectively,through router 1070. In this case, both of these packets 1405 areforwarded by the same entry in the FIB of the router 1070, but todifferent gateways in the managed network 1025. When the external router1070 receives the packet 1405, the FIB entry indicates for the router touse an ECMP technique to choose one of the three equal cost destinations1050-1060. The router 1070, in some embodiments, hashes a set of thepacket properties in order to determine to which of the destinations tosend the packet. For instance, some embodiments use the source anddestination IP addresses, while other embodiments use source and/ordestination MAC addresses, the transport connection 5-tuple (source IPaddress, destination IP address, transport protocol, source transportport number, and destination transport port number), or othercombinations of packet properties. In order to determine how tocorrelate a hash result to a particular one of the equal-costdestinations, some embodiments simply calculate the hash modulo thenumber of listed destinations. Other embodiments use algorithms such asconsistent hashing or highest random weight, that modify the destinationfor less of the traffic when a gateway is added or removed from the listof equal-cost destinations than would a simple modulo N algorithm.

Irrespective of the algorithm used (some embodiments may not even use ahash function, but instead use other load balancing techniques), theadvertisement of the same routes by several active L3 gateways for alogical router to the same external physical router allows for thatphysical router to use its ECMP techniques to spread traffic among theseseveral gateways. Thus, in this case, the router 1070 sends the firstpacket 1405 to the namespace 1055 and the second packet 1410 to thenamespace 1060, even though these packets are governed by the sameforwarding entry in the router.

The previous example shown in FIGS. 10-14 illustrates an example of asingle logical network being implemented in a managed network 1025. Theexample of FIGS. 15-18 conceptually illustrates two logical networksimplemented in a set of gateways. In this case, the top half of FIG. 15illustrates the architecture of a first logical network 1500 and asecond logical network 1525. These logical networks have similararchitectures, with the first logical network 1500 including a logicalrouter 1515 that connects two logical switches 1505 and 1510 to eachother and to an external network 1520. The first logical switch 1505includes IP addresses in the range 10.0.0/24 and the second logicalswitch 1510 includes IP addresses in the range 10.0.1/24. The logicalrouter 1515 includes four ports that connect to the external network1520. The second logical network 1525 includes a logical router 1540that connects two logical switches 1530 and 1535 to each other and tothe external network 1520. The first logical switch 1530 includes IPaddresses in the range 11.0.0/24 and the second logical switch 1535includes IP addresses in the range 11.0.1/24. The logical router 1540includes three ports that connect to the external network 1520. Thefirst and second logical networks 1500 and 1525 belong to differenttenants, in this case.

The bottom portion of FIG. 15 illustrates the physical implementation ofthese networks in a managed network 1550, which is similar to thephysical implementation of the logical network 1000 shown in FIG. 10.For simplicity, the VM hosts 1545 are collectively represented as asingle box in this diagram. While the figure indicates a single tunnelbetween each MFE in a gateway host and the VM hosts 1545, one ofordinary skill will recognize that in some embodiments each of thegateway hosts has numerous separate tunnels to the separate machineshosting VMs of the logical networks.

The portion of the managed network 1550 that implements these twological networks 1500 and 1525 includes four gateway hosts 1555-1570. Onthree of these gateway hosts 1555, 1560, and 1570, namespacesimplementing logical ports for both the logical router 1515 and thelogical router 1540 operate. That is, the gateway host 1555 hosts both anamespace 1557 implementing a first connection to the external networkfor the logical router 1515 and a namespace 1559 implementing a firstconnection to the external network for the logical router 1540. Thegateway host 1560 hosts both a namespace 1562 implementing a secondconnection to the external network for the logical router 1515 and anamespace 1564 implementing a second connection to the external networkfor the logical router 1540. The gateway host 1570 hosts both anamespace 1572 implementing a third connection to the external networkfor the logical router 1515 and a namespace 1574 implementing a thirdconnection to the external network for the logical router 1540. Finally,the gateway host 1565 only hosts a single namespace 1567 (at least whenconsidering the implementation of these two logical networks—the gatewayhost may have namespaces for other logical networks not shown)implementing a fourth connection to the external network for the logicalrouter 1515. Thus, different logical routers may have different numbersof ports facing external networks, as determined by administratorconfiguration in some embodiments. In addition, each of the gatewayhosts 1555-1570 connects to only a single external physical router 1575.

FIG. 16 illustrates the provisioning of the BGP daemons in the sevennamespaces 1557-1574 by a controller cluster 1600, similar to theprovisioning shown in FIG. 11. In this case, however, the controllercluster generates BGP configuration data for namespaces implementingconnections for both of the logical routers 1515 and 1540. In someembodiments that use a hierarchical network of controllers such as thatshown in FIG. 3, the controller cluster 1600 includes two differentlogical controllers that generate the BGP configuration for the twodifferent logical routers. These two different logical controllers wouldthen both send the generated configuration data to the same set ofphysical controllers for distribution to the gateway hosts. A physicalcontroller that manages the gateway host 1555 would receive data fromboth of the logical controllers to distribute to the gateway host 1555.

Even if the same controller generates the data for both BGPconfigurations, in some embodiments the controller distributes this datain separate transactions. Thus, the gateway host 1555 receives datadefining the namespace 1557 and its BGP configuration separate from thedata defining the namespace 1559 and its BGP configuration. As shown,these configurations may specify the same neighbor router, but differentprefixes to advertise. In some embodiments, the BGP neighbors are storedas global information on the gateway host, for use by all of the BGPdaemons running in the various namespaces on the host. That is, eachexternal router to which a gateway host has a connection will be a peerfor all instances of BGP operating on the gateway host. In otherembodiments, the peering is determined on a per-namespace (per-L3gateway) level, and some BGP daemons on a particular host will peer witha router while others do not.

FIG. 17 conceptually illustrates the BGP Update packets sent by thevarious BGP daemons to the external router 1575, once the daemonsrunning in the various namespaces have established adjacencies with therouter. These packets are similar to those described above by referenceto FIG. 12. As a result, the router 1575 will have four equal-costoptions for packets sent to IP addresses in the ranges 10.0.0/24 and10.0.1/24, and three equal-cost options for packets sent to IP addressesin the ranges 11.0.0/24 and 11.0.1/24.

FIG. 18 conceptually illustrate the paths taken by three packetsingressing into the managed network 1550. A first packet 1805 and asecond packet 1810 both have a destination IP address of 10.0.1.1.However, while having the same destination, these packets may havedifferent additional properties (e.g., source IP address, source anddestination transport port numbers, transport protocols, etc.). As such,using its ECMP algorithm, the router 1575 sends the packets to differentnamespaces (the path of the packets is indicated by different types ofdashed/dotted lines). The router 1575 sends the first packet 1805 to thenamespace 1557 in the gateway host 1555, while sending the second packet1810 to the namespace 1567 in the gateway host 1565. Thus, even packetssent to the same IP address may be routed differently into the network.However, some embodiments require that the external router use analgorithm that routes packets from the same transport connection to thesame one of the gateways. Using a calculation based on either thesource/destination IP addresses, or the connection 5-tuple serves thispurpose.

In addition to the packet 1805 sent to the gateway host 1555, theexternal router 1575 also sends a packet 1815 with a destination IPaddress of 11.0.1.1 to this gateway host. This third packet 1815 is sentby the MFE at the gateway host 1555 to the other namespace 1559, whichroutes the packet back to the MFE for logical first-hop processing. TheMFE, in some embodiments, differentiates between the packets bydestination MAC address, as described above.

This section refers to several packets of different types. The term“packet” is used here as well as throughout this application to refer toa collection of bits in a particular format sent across a network. Oneof ordinary skill in the art will recognize that the term packet may beused herein to refer to various formatted collections of bits that maybe sent across a network, such as Ethernet frames, TCP segments, UDPdatagrams, IP packets, etc.

V. Controller as Route Server

The above sections describe a network control system in which thenetwork controller generates the BGP configuration for a logical routerimplementation, then sends that configuration to a gateway that performsboth the ingress and egress routing for the network as well as the routeadvertisement to one or more routers in the external network. In someembodiments, however, the controller or controller cluster has a directconnection to the external router, and acts as a route server. That is,in addition to generating configuration data in order for the managednetwork to implement a logical network (e.g., BGP configuration data,routing table for L3 gateways, flow entries for the MFEs, etc.), thecontroller advertises routes to one or more routers in the externalnetworks, thereby preventing this traffic from taking up bandwidth inthe data path of the gateway MFEs.

The controller of some embodiments sends BGP updates to the externalrouters that, rather than identifying the source of the packet as thenext hop for advertised prefixes, instead identify one of the namespacesimplementing a L3 gateway as the next hop. In addition, in someembodiments, the controller receives BGP packets from the routers, whichit can use to supplement the routing table for one or more logicalrouters.

FIG. 19 conceptually illustrates a process 1900 of some embodiments forgenerating BGP configuration data for a logical network and thenimplementing that configuration data by a BGP service in the controllerthat generated the data. In some embodiments, portions of the process1900 are performed by a table mapping engine and/or route generationengine within a controller, while other portions of the process areperformed by a BGP application within the controller. The controllergenerates the BGP configuration, but then provides it to a modulerunning internally, rather than distributing the configuration to agateway host that runs a BGP daemon.

As shown, the process 1900 begins by receiving (at 1905) instructions tocreate a logical router with one or more ports connecting to an externalnetwork. These instructions may be the result of a network administratordesigning a logical network (e.g., through a cloud managementapplication that passes the logical network configuration throughcontroller APIs) that includes the logical router. In some embodiments,the instructions to create the logical router specifically indicate thatthe connections to the external network should be implemented using BGP,or another protocol, for router peering and route advertisement. Inother embodiments, this capability is automatically enabled for alllogical routers with at least one connection to the external network.

Next, the process selects (at 1910) gateway host machines for each ofthe ports that connect to the logical network. Some embodiments assigneach port to a different gateway host, while other embodiments allowmultiple ports (and therefore multiple namespaces hosting routingtables) to be created on a single gateway host. In some embodiments, thegateway hosts are arranged in terms of clusters, or failure domains.These clusters, in some embodiments, may be sets of host machines thatare physically located together in the managed network, and thereforemore likely to all fail together (e.g., due to a top of rack switchfailing, power issues, etc.). Different embodiments may assign gatewaysto host machines differently respective to the clusters. For instance,some embodiments assign only one gateway per cluster for a particularlogical router, while other embodiments assign all gateways for alogical router to the same cluster. Yet other embodiments may assigngateways to several different clusters, but allow two or more gatewayswithin a single cluster.

Furthermore, in some embodiments, the gateway host machines may beassigned to different groups based on the functions for which thosegateway hosts are used. For example, within a physical managed network,some embodiments use a first group of gateway hosts for providinglogical services (e.g., DHCP, metadata proxy) and a second group ofgateway hosts for L3 gateways. Each group may span several clusters ofgateway hosts, thereby allowing for the process to select gateway hostmachines within the second group from several clusters (i.e., failuredomains).

Some embodiments allow the administrator to specify the cluster to whichthe controller assigns each logical port of the logical router, and thecontroller handles selection of the actual gateway host within thatcluster. Thus, the administrator might specify to have two logical portsassigned to gateways in a first cluster, four in a second cluster, andtwo more in a third cluster. The controller then assigns each logicalport to a specific gateway host in its selected cluster. For thisassignment, some embodiments use a load balancing technique, such ascalculating a hash function of a property of the logical router or port(e.g., a UUID assigned by the controller) modulo the number of gatewayhosts in the cluster. This assigns the logical router ports to gatewayhosts within the cluster effectively at random (even though thealgorithm itself is deterministic), and therefore load balances the L3gateways across the gateway hosts over the long run.

Some other embodiments may use other techniques to load balance the L3gateways across the hosts in a cluster. For instance, rather than usingthe hash algorithm to choose between all gateway hosts in a cluster,some embodiments choose between only those gateways with the fewestnumber of logical routers currently operating, and modulo the result ofthe hash function by this smaller number of gateways. Other embodimentsanalyze the number of logical routers on each gateway and theoperational load of the gateways (e.g., based on number of packetsprocessed over a particular timeframe) in order to determine to whichgateway host a particular logical router should be assigned.

Next, the process 1900 generates (at 1915) flow entries for the MFEs onboth the VM hosts and selected gateway host machines in order toimplement the logical router in a distributed fashion and forwardpackets within the managed network as well as handle packets enteringand exiting the network, and generates data tuples for the routing tablefor handling packets in L3 gateways implementing each logical port thatconnects to the external network. These various flow entries and routingtable data tuples are described in detail above by reference to, e.g.,FIG. 5.

The process then distributes (at 1920) the generated data tuples and/orflow entries to the various host machines. In some embodiments, the twotypes of data (flow entries and routing table data tuples) aredistributed via different protocols. Some embodiments distribute theflow entries to both the VM hosts and the gateway hosts via a firstprotocol such as OpenFlow, while distributing the routing table datatuples to the gateway hosts via a second protocol such as OVSDB. TheOVSDB protocol used in some embodiments also carries configurationinformation for the MFEs (for both the VM hosts and the gateway hosts).

In addition to generating and distributing the data for provisioning theforwarding of packets within the network, the controller of someembodiments is responsible for generating a routing protocol (e.g., BGP)configuration and handling the exchange of routing information withexternal routers. As such, the process 1900 identifies (at 1925) theaddresses (and other information) of the external network router(s) withwhich to peer for each logical port (i.e., each L3 gateway) thatconnects to the external network. In some embodiments, the administratorinputs this data for each logical port, and handles ensuring that theexternal routers are correctly connected to the gateway hosts (or, e.g.,a top of rack switch to which the gateway hosts connect). In otherembodiments, the network controller automatically determines the set ofexternal routers to which each of the gateway hosts is connected basedon its stored network state information, and uses these as the externalnetwork routers with which to peer the L3 gateway. In some route serverembodiments, the administrator also ensures that the controller is ableto connect with the external routers. In various different embodiments,the controller(s) connect to the routers via a direct connection,through other machines in the managed network (e.g., gateways or otherhost machines), etc.

With the external routers identified for each logical port, the processgenerates and installs (at 1930) a BGP configuration on the controllerusing the identified external routers, the logical networkconfiguration, and the selected host machines. In some embodiments, thecontroller instantiates a separate BGP process for each L3 gateway forwhich it acts as a route server. Thus, if the logical router is definedwith three ports facing the external network, then the controllerinstantiates three BGP processes (e.g., the BGP daemon described above,or a different BGP application) for advertising routes for each of thethree gateways. In other embodiments, the controller instantiates asingle BGP process that performs route advertisement for all of thegateways implementing ports for the logical router. In some suchembodiments, a single BGP process handles route advertisement for alllogical routers managed by the controller (e.g., for multiple differentlogical networks).

To generate the BGP configuration for the particular logical router, thecontroller (e.g., the table mapping engine in the controller) identifiesthe CIDR prefixes for the logical switches that attach to the logicalrouter, as these are the prefixes that the controller as route serverwill advertise to the external routers (which will be the same for eachgateway). In addition, the controller uses the selections of gatewayhost machines for the BGP configuration, and information generated forthe namespace that will run on the gateway host machine. The BGP processon the controller will send out packets advertising these namespaces(rather than itself) as the actual next hop(s) for the advertisedroutes, and therefore must be able to provide the requisite data aboutthe namespaces (e.g., the autonomous system number, the routeridentifier, etc.). Furthermore, the configuration requires anidentification of the external routers with which to exchange routeinformation for each namespace. In some cases, the namespace to externalrouter connections might be similar to those in FIG. 10 (i.e., withdifferent L3 gateways for the logical router connecting to differentsets of external routers), in which case the controller cannot simplyadvertise the same set of next hop destinations to each external router.Instead, the controller stores the list of neighbors for each next hopL3 gateway, such that it can send packets to each of these neighborsadvertising the particular L3 gateway as a next hop for the routes tothe logical network.

In some embodiments, the controller generates a configuration file, orseveral configuration files, for the BGP instance(s). Theseconfiguration files may be similar to the files generated by thenamespace daemon described above. The controller stores theconfiguration files in a location at which the BGP processes can accessthe files and load their configuration. At this point, the controllercan begin acting as a route server to contact the external routers.

As such, the process 1900 opens (at 1935), or attempts to open, BGPsession(s) with the neighbor external routers identified in theconfiguration. As in the inline model described in the previous section,several BGP sessions are started, each operating as its own independentstate machine. For instance, if the logical network includes three portsfacing the external network (and thus three gateways), each of whichconnect to two different external routers, then the controller willinitiate six separate BGP sessions in some embodiments. In otherembodiments, the controller initiates only one BGP session per externalrouter, and sends Updates that specify the several different next hopoptions for the routes advertised to the external router. This process1900 assumes that adjacency is established for each BGP session—if theBGP process fails to open a session with a particular router, then thecontroller continues attempting to do so in some embodiments beforetransitioning to operation 1940.

Using the BGP configuration data, the process generates (at 1940)packets for each established BGP session. In some embodiments, thesepackets are standard BGP Update packets that identify the knownreachable prefixes, the next hop destination for those prefixes, and thelist of autonomous systems through which a packet will have to pass toreach each prefix. In this case, the controller sending the Updatepacket is not the next hop—the packet instead identifies one of the L3gateways as that next hop. For routes to logical switches, the BGPpacket advertises the subnet (e.g., 10.1.1/24) and only a singleautonomous system number (that to which the L3 gateway belongs), aspackets will not have to be sent to any other autonomous systems oncereaching the L3 gateway in order to reach the VM hosts.

For each generated packet, the process sends (at 1945) the generatedpacket out of the controller to the destination physical router. Asmentioned above, this connection may be implemented as a directconnection between the controller and the external router, or may travelthrough portions of the managed network (e.g., gateways, etc. If the BGPprocess on the controller establishes adjacencies with three differentphysical routers for three L3 gateway next hops, then the process willsend three different BGP Update packets to three different destinationseach. Furthermore, the controller might be acting as a route server forseveral different logical networks, in which case the controller alsosends several different Update packets advertising completely differentroutes.

FIGS. 20-22 conceptually illustrate an example of the use of acontroller as a route server that advertises routes to an externalrouter for a logical network. FIG. 20 illustrates both the logicalnetwork 2000 and the physical implementation of that logical network ina managed network 2025. As shown in the top half of the figure, thelogical network 2000 is configured similarly to the logical network 1000of the example in the previous section, with a single logical router2015 connecting two logical switches 2005 and 2010. The first logicalswitch 2005 includes IP addresses in the subnet 12.0.0/24, and thesecond logical switch 2010 includes IP addresses in the subnet12.0.1/24. In addition, the logical router 2015 includes three portsthat connect to an external network 2020, for which route advertisementusing a controller as route server is activated.

The bottom portion of FIG. 20 illustrates the physical implementation ofthe logical network 2000. For simplicity, the VM hosts 2030 arecollectively represented as a single box in this diagram, as in FIG. 15above. The three ports of the logical router 2015 that connect to theexternal network 2020 are implemented as L3 gateways in namespaces2050-2060 that operate on gateway hosts 2035-2045, respectively. In thiscase, the three gateway hosts each connect to the same single externalrouter 2065 in order to transmit and receive packets entering andexiting the logical network.

However, unlike the previous examples, the namespaces 2050-2060 do notoperate BGP daemons or any other routing protocol applications, onlyfunctioning to process the ingressing and egressing packets. Instead, acontroller cluster 2070 operates to (i) provide provisioning data to thehost machines 2030-2045 and (ii) operate as a route server to exchangerouting information with the external router 2065. In this figure, thedashed lines between the controller cluster 2070 and the host machines2030-2045 indicates control path connections, while the solid lines(between the gateways 2035-2045 and the router 2065, the gateways2035-2045 and the VM hosts 2030, and the controller cluster 2070 and therouter 2065) indicate data path connections.

FIG. 21 conceptually illustrates some of the control and data path datasent by the controller cluster 2070 in order to effectuate the logicalrouter 2015. As shown, the controller cluster 2070 distributes logicalrouter configuration data 2105 (e.g., as data tuples defining routingtables for the namespaces, as flow entries for the MFEs, etc.) to thegateway hosts 2035-2045. In some embodiments, the controller clustersends this data in two channels, with the flow entries for the MFE sentvia a first protocol (e.g., OpenFlow) and the data tuples defining thenamespace and the routing table for the namespace sent via a secondprotocol (e.g., OVSDB). The controller cluster of some embodimentsdistributes the logical router configuration data 2105 through ahierarchy of controllers, with a single logical controller generatingthe data and distributing the data to the various physical controllersthat manage and directly provide data to the three gateway hosts 2045.

In addition, the controller cluster 2070 transmits three separate BGPpackets to the external network router 2065. Some embodiments establishthree separate sessions with the external router 2065 (one for eachgateway for which the controller acts as a route server), while otherembodiments transmit the three BGP Updates as part of a single session.These BGP packets each (i) advertise the CIDR prefixes 12.0.0/24 and12.0.1/24, (ii) indicate for each of the prefixes the ordered list ofautonomous systems used to reach addresses in the range defined by theprefixes (which will be the single autonomous system for the logicalnetwork, in most situations), and (iii) identify the next hop for theadvertised prefixes. In some embodiments, only this next hop variesbetween the three packets, as this identifies the different gateways.

As a result of receiving these three packets, the physical router 2065updates its routing table to include three possible equal cost next hopsfor packets in the identified IP address ranges (12.0.0/24 and12.0.1/24). Assuming the router 2065 has ECMP capabilities, it willspread the traffic for these IP ranges between the three L3 gateways onthe hosts 2035-2045. FIG. 22 conceptually illustrates the path taken byseveral packets 2205 and 2210 entering the managed network 2025. Both ofthe packets are received by the logical router 2065, and processed bythe same forwarding information base entry. This entry states to use anECMP algorithm to decide among the three possible next hops (L3gateways) for a packet. As a result, the router sends the first packet2205 to the namespace 2055 on the gateway host 2040 and the secondpacket 2210 to the namespace 2060 on the gateway host 2045. The MFEs andnamespaces process the packets as described above in the previoussection in order to forward the packets to the destination virtualmachines.

FIG. 23 conceptually illustrates the software architecture of acontroller 2300 of some embodiments that acts as a route server for alogical network. As shown, the controller 2300 includes an inputinterface 2305, a table mapping state computation module 2310, a hostassignment module 2315, a distribution interface 2320, a BGP service2325, and an external network interface 2330. In addition, the networkcontroller 2300 includes one or more state storage databases 2335, whichin some embodiments stores input and/or output of the table mappingstate computation module.

The input interface 2305 of some embodiments receives input from one ormore users to define logical networks (e.g., sets of VMs connectedthrough logical switches, logical routers, middleboxes, gateways toexternal networks, etc.). For example, a user could define a logicalnetwork such as that shown in FIG. 20, described above. In someembodiments, the request received at the input interface specifies thelogical ports in terms of source and destination MAC addresses entered(or selected) by the user.

When the input interface 2305 receives a specification of a logicalnetwork, the interface of some embodiments translates this specificationinto logical control plane data that defines the logical network, andpasses this data to the table mapping state computation module 2310. Insome embodiments, the input interface 2305 reads this logical controlplane data into input tables of the state computation module 2310. Thetable mapping state computation module 2310 of some embodiments includesa table mapping engine with a set of input tables and output tables, andmaps records in the input tables to records in the output tablesaccording to a set of rules. More specifically, some embodimentstranslate logical control plane data into logical forwarding plane dataand subsequently translate the logical forwarding plane data intouniversal or customized physical control plane data that can be passeddown to the MFEs that implement the logical network. The table mappingstate computation module 2310 of some embodiments uses nLog, and isdescribed in greater detail in U.S. Publication 2013/0058228, which isincorporated herein by reference.

In addition to generating the physical control plane data, in someembodiments the table mapping state computation module 2310 generatesother data tuples, such as those for the routing tables, and BGPconfiguration data. As described above, the state computation module mayuse a set of hosts selected for hosting gateways by the host assignmentmodule 2315, the IP address ranges of the VMs connected to the logicalnetworks, and information entered through the input interface about theexternal router(s) to compute the BGP configuration data tuples.

In some embodiments, the table mapping state computation module 2310stores its output state in the state storage database(s) 2335. Thisdatabase 2335 stores MAC address to logical port bindings, physicalcontrol plane data output by the table mapping state computation module2335, routing table data tuples, BGP configuration information, andother data in some embodiments.

The host assignment module 2315 uses a hash function or other algorithmto select gateway hosts for a logical network in some embodiments. Basedon information provided by the state computation module 2310, the hostassignment module 2315 determines the set of gateway hosts and returnsthis selection to the state computation module. For instance, in someembodiments, based on logical network configuration input, the statecomputation module 2310 specifies that a particular logical router willhave a specific number of L3 gateways located in a specific set ofgateway host clusters. The state computation module 2310 requests thatthe host assignment module 2315 select a particular gateway host in aparticular cluster, information which the state computation module useswhen generating the state and the BGP configuration.

As shown, the controller 2300 distributes data to host machines (both VMhosts and gateway hosts) through its MFE interface 2320. Through thisinterface, the controller distributes physical control plane data,routing table and configuration data tuples, etc. to the MFEs, L3gateways, etc. at the host machines. In some embodiments, the interfaceis a direct connection to the host machines, while in other embodimentsthe controller 2300 is a logical controller that distributes thegenerated data to a set of physical controllers. Furthermore, in theinline model embodiments, in which the BGP service operates in thegateways rather than the controller, the controller uses this interfaceto distribute BGP configuration data tuples.

In the illustrated embodiments, however, the BGP service 2325 operateson the controller. This BGP service receives and installs aconfiguration or set of configurations from the table mapping statecomputation 2310 (e.g., as a set of data tuples), and then establishesBGP sessions with routers outside of the managed network according tothis configuration. In some embodiments, the BGP service 2325 combinesthe functionality of the namespace daemon and the BGP daemon, in that itreceives the data tuples defining the configuration, generates aconfiguration file useable for instantiating a BGP process, reads andinstalls the configuration file, and establishes and participates in BGPsessions with the external routers.

The BGP service 2325 of some embodiments opens and establishes BGPsessions with the external routers 2340 through the external networkinterface 2330. This interface may be a NIC that handles IP packets insome embodiments, similar to the connections between gateways andexternal routers. Through this interface, the BGP service 2325 sendsupdates to the external routers 2340 for each BGP session that itestablishes, enabling the routers 2340 to forward packets into thelogical networks via the gateways provisioned by the controller 2300.

In addition to advertising routes into the logical network to theexternal router, in some embodiments the controller cluster as routeserver receives BGP packets from the external router and uses these toupdate the routing tables for the logical network. In general, BGP is abidirectional protocol, in that each router in a peer-to-peer sessionsends its routing information to the other router in the session. Assuch, the external router(s) of some embodiments send their informationto the controller cluster, indicating reachable IP addresses andprefixes. IF, as in FIG. 10, some of the L3 gateways connect to multiplerouters, then the controller cluster can determine, for various IPaddresses advertised by the L3 gateways, which of the external routersis the optimal next hop for the IP addresses. The controller cluster canthen add this information to the routing table that it distributes tothe L3 gateways.

While the above section describes using the controller as a routeserver, some embodiments instead use one or more gateway host machines,separate from the gateway hosts that process ingress and egress trafficfor a logical network, as route servers for the logical router. FIG. 24conceptually illustrates such a managed network 2400 of some embodimentswithin which a logical network (similar in structure to that of FIG. 1or FIG. 10) is implemented, and which uses a separate gateway as a routeserver. For simplicity, this figure does not illustrate the hostmachines upon which the VMs attached to the logical network reside.

The logical router has three ports connecting to the external network,and therefore these ports are implemented on three gateways 2405-2415,in three namespaces 2420-2430. These namespaces operate as L3 gatewaysto handle ingress and egress traffic, but do not operate a routingprotocol application, and therefore do not exchange data with theexternal network router 2435. Instead, the controller selects a fourthgateway host 2440 to operate as a route server for the logical network.A namespace 2445 operates on the gateway host 2440, running a BGP daemonsimilar to those shown above in Section II.

As shown, the controller cluster 2450 generates and distributes (i)logical router configuration data to the three gateway hosts 2405-2415in order to configure the L3 gateways in the namespaces 2420-2430 and(ii) BGP configuration data to the gateway host 2440 in order toconfigure the BGP daemon operating in the namespace 2440. This enablesthe namespace 2445 to open one or more BGP sessions with the externalrouter 2435 and advertise route information to the external routerindicating the three L3 gateways as possible next hops for the IPaddresses of the logical network.

VI. Electronic System

Many of the above-described features and applications are implemented assoftware processes that are specified as a set of instructions recordedon a computer readable storage medium (also referred to as computerreadable medium). When these instructions are executed by one or moreprocessing unit(s) (e.g., one or more processors, cores of processors,or other processing units), they cause the processing unit(s) to performthe actions indicated in the instructions. Examples of computer readablemedia include, but are not limited to, CD-ROMs, flash drives, RAM chips,hard drives, EPROMs, etc. The computer readable media does not includecarrier waves and electronic signals passing wirelessly or over wiredconnections.

In this specification, the term “software” is meant to include firmwareresiding in read-only memory or applications stored in magnetic storage,which can be read into memory for processing by a processor. Also, insome embodiments, multiple software inventions can be implemented assub-parts of a larger program while remaining distinct softwareinventions. In some embodiments, multiple software inventions can alsobe implemented as separate programs. Finally, any combination ofseparate programs that together implement a software invention describedhere is within the scope of the invention. In some embodiments, thesoftware programs, when installed to operate on one or more electronicsystems, define one or more specific machine implementations thatexecute and perform the operations of the software programs.

FIG. 25 conceptually illustrates an electronic system 2500 with whichsome embodiments of the invention are implemented. The electronic system2500 can be used to execute any of the control, virtualization, oroperating system applications described above. The electronic system2500 may be a computer (e.g., a desktop computer, personal computer,tablet computer, server computer, mainframe, a blade computer etc.),phone, PDA, or any other sort of electronic device. Such an electronicsystem includes various types of computer readable media and interfacesfor various other types of computer readable media. Electronic system2500 includes a bus 2505, processing unit(s) 2510, a system memory 2525,a read-only memory 2530, a permanent storage device 2535, input devices2540, and output devices 2545.

The bus 2505 collectively represents all system, peripheral, and chipsetbuses that communicatively connect the numerous internal devices of theelectronic system 2500. For instance, the bus 2505 communicativelyconnects the processing unit(s) 2510 with the read-only memory 2530, thesystem memory 2525, and the permanent storage device 2535.

From these various memory units, the processing unit(s) 2510 retrieveinstructions to execute and data to process in order to execute theprocesses of the invention. The processing unit(s) may be a singleprocessor or a multi-core processor in different embodiments.

The read-only-memory (ROM) 2530 stores static data and instructions thatare needed by the processing unit(s) 2510 and other modules of theelectronic system. The permanent storage device 2535, on the other hand,is a read-and-write memory device. This device is a non-volatile memoryunit that stores instructions and data even when the electronic system2500 is off. Some embodiments of the invention use a mass-storage device(such as a magnetic or optical disk and its corresponding disk drive) asthe permanent storage device 2535.

Other embodiments use a removable storage device (such as a floppy disk,flash drive, etc.) as the permanent storage device. Like the permanentstorage device 2535, the system memory 2525 is a read-and-write memorydevice. However, unlike storage device 2535, the system memory is avolatile read-and-write memory, such a random access memory. The systemmemory stores some of the instructions and data that the processor needsat runtime. In some embodiments, the invention's processes are stored inthe system memory 2525, the permanent storage device 2535, and/or theread-only memory 2530. From these various memory units, the processingunit(s) 2510 retrieve instructions to execute and data to process inorder to execute the processes of some embodiments.

The bus 2505 also connects to the input and output devices 2540 and2545. The input devices enable the user to communicate information andselect commands to the electronic system. The input devices 2540 includealphanumeric keyboards and pointing devices (also called “cursor controldevices”). The output devices 2545 display images generated by theelectronic system. The output devices include printers and displaydevices, such as cathode ray tubes (CRT) or liquid crystal displays(LCD). Some embodiments include devices such as a touchscreen thatfunction as both input and output devices.

Finally, as shown in FIG. 25, bus 2505 also couples electronic system2500 to a network 2565 through a network adapter (not shown). In thismanner, the computer can be a part of a network of computers (such as alocal area network (“LAN”), a wide area network (“WAN”), or an Intranet,or a network of networks, such as the Internet. Any or all components ofelectronic system 2500 may be used in conjunction with the invention.

Some embodiments include electronic components, such as microprocessors,storage and memory that store computer program instructions in amachine-readable or computer-readable medium (alternatively referred toas computer-readable storage media, machine-readable media, ormachine-readable storage media). Some examples of such computer-readablemedia include RAM, ROM, read-only compact discs (CD-ROM), recordablecompact discs (CD-R), rewritable compact discs (CD-RW), read-onlydigital versatile discs (e.g., DVD-ROM, dual-layer DVD-ROM), a varietyof recordable/rewritable DVDs (e.g., DVD-RAM, DVD-RW, DVD+RW, etc.),flash memory (e.g., SD cards, mini-SD cards, micro-SD cards, etc.),magnetic and/or solid state hard drives, read-only and recordableBlu-Ray® discs, ultra density optical discs, any other optical ormagnetic media, and floppy disks. The computer-readable media may storea computer program that is executable by at least one processing unitand includes sets of instructions for performing various operations.Examples of computer programs or computer code include machine code,such as is produced by a compiler, and files including higher-level codethat are executed by a computer, an electronic component, or amicroprocessor using an interpreter.

While the above discussion primarily refers to microprocessor ormulti-core processors that execute software, some embodiments areperformed by one or more integrated circuits, such as applicationspecific integrated circuits (ASICs) or field programmable gate arrays(FPGAs). In some embodiments, such integrated circuits executeinstructions that are stored on the circuit itself.

As used in this specification, the terms “computer”, “server”,“processor”, and “memory” all refer to electronic or other technologicaldevices. These terms exclude people or groups of people. For thepurposes of the specification, the terms display or displaying meansdisplaying on an electronic device. As used in this specification, theterms “computer readable medium,” “computer readable media,” and“machine readable medium” are entirely restricted to tangible, physicalobjects that store information in a form that is readable by a computer.These terms exclude any wireless signals, wired download signals, andany other ephemeral signals.

While the invention has been described with reference to numerousspecific details, one of ordinary skill in the art will recognize thatthe invention can be embodied in other specific forms without departingfrom the spirit of the invention. In addition, a number of the figures(including FIGS. 5, 8, 9, and 19) conceptually illustrate processes. Thespecific operations of these processes may not be performed in the exactorder shown and described. The specific operations may not be performedin one continuous series of operations, and different specificoperations may be performed in different embodiments. Furthermore, theprocess could be implemented using several sub-processes, or as part ofa larger macro process. Thus, one of ordinary skill in the art wouldunderstand that the invention is not to be limited by the foregoingillustrative details, but rather is to be defined by the appendedclaims.

We claim:
 1. A host machine in a managed network that interfaces with atleast one router external to the managed network, the host machinecomprising: a managed forwarding element for using flow entries receivedfrom a network controller to process data packets for a logical network;and a virtualized container operating as a gateway for the logicalnetwork, the virtualized container comprising: a routing table forrouting (i) packets received at the managed forwarding element from therouter external to the managed network and (ii) packets received at themanaged forwarding element from a different host machine in the managednetwork with a destination address outside of the logical network; and arouting protocol application for peering with the router external to themanaged network in order for the logical network to advertise a set ofnetwork addresses in the logical network that are reachable through thegateway.
 2. The host machine of claim 1, wherein the logical networkcomprises at least one logical switch to which virtual machines attach,the virtual machines having a range of network addresses, wherein theadvertised set of network addresses comprises the range of networkaddresses.
 3. The host machine of claim 1, wherein the routing protocolapplication advertises the gateway as a next hop for the set of networkaddresses in the logical network.
 4. The host machine of claim 1,wherein the virtualized container is a namespace.
 5. The host machine ofclaim 1, wherein the routing protocol application uses Border GatewayProtocol (BGP) to establish adjacency with the router and exchangerouting information with the router.
 6. The host machine of claim 1further comprising a daemon for receiving database records defining aconfiguration for the routing protocol application and converting thereceived database records into a configuration file for the routingprotocol application.
 7. The host machine of claim 6, wherein themanaged forwarding element and the daemon are part of virtualizationsoftware operating on the host machine.
 8. The host machine of claim 7,wherein the virtualization software further comprises a database daemonfor communicating with a controller to receive (i) data tuples definingthe configuration for the routing protocol application and (ii) datatuples defining configuration data for the managed forwarding element.9. The host machine of claim 6, wherein the configuration comprises datadefining settings for the routing protocol application, the set ofnetwork addresses reachable through the gateway, and data defining a setof routers external to the managed network with which to peer.
 10. Thehost machine of claim 1, wherein the logical network is a first logicalnetwork implemented across a first plurality of host machines, thevirtualized container operating as a gateway is a first virtualizedcontainer operating as a first gateway, the routing table is a firstrouting table, and the routing protocol application is a first routingprotocol application, wherein the managed forwarding element is furtherfor using additional flow entries received from the network controllerto process data packets for a second logical network implemented acrossa second plurality of host machines, the host machine further comprisinga second virtualized container operating as a second gateway for thesecond logical network, the second virtualized container comprising: asecond routing table for routing (i) packets received at the managedforwarding element from the router external to the managed network witha destination address in the second logical network and (ii) packetsreceived at the managed forwarding element from a different host machinein the second plurality of host machines with a destination addressoutside of the second logical network; and a routing protocolapplication for peering with the router external to the managed networkin order for the second logical network to advertise a second set ofnetwork addresses reachable through the second gateway.
 11. Anon-transitory machine readable medium storing a network controllerprogram to manage a plurality of logical networks, the program forexecution by at least one set of processing units, the programcomprising sets of instructions for: receiving a specification of alogical network that comprises a logical forwarding element with atleast two logical ports that each connect the logical network to anexternal network and that each peer with a physical router of theexternal network in order to advertise network address reachabilityinformation for the logical network to the external network; selectinghost machines from a plurality of host machines to host gateways forimplementing each of the logical ports that connect the logical networkto the external network; and generating, for distribution to each of thegateways, data tuples defining (i) a routing table for implementing theconnection between the logical network and the external network for theport implemented by the gateway and (ii) a configuration for a routingprotocol application operated by the gateway, said routing protocolapplication enabling the gateway to peer with the physical router of theexternal network peering with the logical port implemented by thegateway.
 12. The non-transitory machine readable medium of claim 11,wherein the data tuples defining the configuration for the routingprotocol application for the gateway implementing a particular one ofthe logical ports comprise a network address, an autonomous systemnumber, a keep-alive time, and a hold-down timer for the physical routerof the external network.
 13. The non-transitory machine readable mediumof claim 11, wherein the set of instructions for selecting host machinesto host gateways for implementing each of the logical ports thatconnects the logical network to the external network comprises a set ofinstructions for selecting a different host machine from the pluralityof host machines to implement each of the logical ports.
 14. Thenon-transitory machine readable medium of claim 11, wherein the datatuples defining the configuration for the routing protocol applicationfor the gateway implementing a particular one of the logical portscomprise data regarding a plurality of physical routers with which theparticular logical port peers.
 15. The non-transitory machine readablemedium of claim 11, wherein the data tuples defining the configurationfor the routing protocol application for a particular gateway comprise alocal autonomous system number, a router identifier, and a list ofnetwork addresses to advertise as reachable through the particulargateway.
 16. The non-transitory machine readable medium of claim 11,wherein the network reachability information comprises reachabilityinformation for at least two subnets of the logical network.
 17. Thenon-transitory machine readable medium of claim 16, wherein the logicalforwarding element is a logical router, wherein each of the at least twosubnets of the logical network corresponds to a different logical switchthat connects to the logical router.
 18. The non-transitory machinereadable medium of claim 11, wherein the logical network is implementedby a plurality of managed forwarding elements operating on a secondplurality of host machines.
 19. The non-transitory machine readablemedium of claim 18, wherein the second plurality of host machines hostsvirtual machines that connect to logical switches of the logicalnetwork.
 20. The non-transitory machine readable medium of claim 11,wherein each of the gateways is implemented in a virtualized containeroperating on its respective host machine.
 21. The non-transitory machinereadable medium of claim 11, wherein the routing protocol applicationfor the gateway implementing a particular one of the logical ports usesBorder Gateway Protocol (BGP) to establish adjacency with the physicalrouter.
 22. The non-transitory machine readable medium of claim 11,wherein a daemon operating on the host machine selected for the gatewayimplementing a particular logical port receives the data tuples definingthe configuration for the routing protocol application of the gatewayand converts the data tuples into a configuration file for the routingprotocol application.
 23. The non-transitory machine readable medium ofclaim 11, wherein a first one of the logical ports peers with a firstphysical router on a first subnet of the external network and a secondlogical port peers with a second physical router on a second subnet ofthe external network.